Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 May 2024
Black Arrow Cyber Threat Intelligence Briefing 03 May 2024:
-Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
-91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
-BEC and Fund Transfer Fraud Top Insurance Claims
-Correlating Cyber Investments with Business Outcomes
-Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
-MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
-Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
-Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
-95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
-Human Factor a Significant Risk for Small and Medium-Sized Businesses.
-Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
-Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.
For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.
Sources: [Infosecurity Magazine]
91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.
The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.
In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.
Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]
BEC and Fund Transfer Fraud Top Insurance Claims
Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.
Source: [Infosecurity Magazine]
Correlating Cyber Investments with Business Outcomes
The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.
Source: [InfoRisk Today]
Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.
Sources: [MSSP Alert] [Verizon]
MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.
The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.
Source: [Reinsurance News]
Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.
Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.
Source: [Help Net Security]
Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.
Source: [ITPro]
95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.
When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.
Sources: [Business Wire] [Security Magazine]
Human Factor a Significant Risk for Small and Medium-Sized Businesses.
A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.
Sources: [Beta News] [Business Wire]
Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.
Sources: [TechRadar]
Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.
Source: [Minute Hack]
Governance, Risk and Compliance
Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert
Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget
Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)
95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire
95% of organisations adjusted cyber security strategies this past year | Security Magazine
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)
How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)
Correlating Cyber Investments with Business Outcomes (inforisktoday.com)
Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
97% of security leaders have increased SaaS security budgets - Help Net Security
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek
What needs to change to overcome nonchalant security approaches | TechRadar
Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)
Threats
Ransomware, Extortion and Destructive Attacks
Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)
91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
There was an 81% year-over-year increase in ransomware attacks | Security Magazine
Ransom recovery costs reach $2.73 million - Help Net Security
Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
How Businesses Should Grapple With Ransomware Threats (eetimes.eu)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
Ransomware Victims
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Almost all US hospitals took financial hit from Change hack, AHA says | Reuters
Another major pharmacy chain shuts following possible cyber attack | TechRadar
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)
LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)
French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)
'Cybersecurity incident' closes London Drugs' pharmacies • The Register
Phishing & Email Based Attacks
AI-driven phishing attacks deceive even the most aware users - Help Net Security
US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
If you receive a Shein mystery box, do not open it | TechRadar
Why the automotive sector is a target for email-based cyber attacks - Help Net Security
BEC
BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering
FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)
A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag
Artificial Intelligence
AI-driven phishing attacks deceive even the most aware users - Help Net Security
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Understanding emerging AI and data privacy regulations - Help Net Security
To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)
From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com
Cyber security experts face AI risks, deepfakes, burnout | Fortune
US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)
Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek
2FA/MFA
Malware
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
Guarding the Gates: The Growing Abundance of Linux Malware - VMRay
Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
Mobile
Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)
New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)
Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
A glaring Android TV security flaw might put your Gmail at risk | Android Central
Data Breaches/Leaks
PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News
Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)
FBCS data breach impacted 2M individuals (securityaffairs.com)
States shares health debt data of 5,000 in an email | Guernsey Press
Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)
Australian pubgoers' personal info posted to leak site • The Register
Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)
Panda Restaurant Group disclosed a data breach (securityaffairs.com)
Organised Crime & Criminal Actors
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Insider Risk and Insider Threats
How insider threats can cause serious security breaches - Help Net Security
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Insurance
Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Supply Chain and Third Parties
Cloud/SaaS
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
97% of security leaders have increased SaaS security budgets - Help Net Security
Encryption
UK's Investigatory Powers Bill approved to become law • The Register
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
How to use a YubiKey to log into Windows and macOS (xda-developers.com)
Social Media
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)
Training, Education and Awareness
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)
Regulations, Fines and Legislation
UK's Investigatory Powers Bill approved to become law • The Register
UK rolls out new consumer safeguards for smart devices (betanews.com)
FCC fines major wireless carriers over illegal location data sharing - Help Net Security
Understanding emerging AI and data privacy regulations - Help Net Security
CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop
Data Protection
Careers, Working in Cyber and Information Security
Cyber security experts face AI risks, deepfakes, burnout | Fortune
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop
Cyber Security Degrees, Are They Really Worth It? | HackerNoon
Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek
Law Enforcement Action and Take Downs
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)
Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)
Germany grapples with wave of spying threats from Russia and China - BBC News
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Think tank: Tech companies spread China's propaganda • The Register
China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Chinese government website security has big problems • The Register
Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)
Russia
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek
Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop
Germany grapples with wave of spying threats from Russia and China - BBC News
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)
Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Two British men charged with helping Russian intelligence - BBC News
Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)
Iran
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Vulnerability exploitation nearly tripled in 2023 (telecoms.com)
Vulnerabilities
Cisco devices again targeted by state-linked threat campaign - TechCentral.ie
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)
Most attacks affecting SMBs target five older vulnerabilities | CSO Online
Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)
UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)
Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)
WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)
Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)
Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)
NTLM auth traffic spikes after Windows Server patch • The Register
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek
Tools and Controls
Why remote desktop tools are facing an onslaught of cyber threats | ITPro
Correlating Cyber Investments With Business Outcomes (inforisktoday.com)
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
Can automating security relieve CISO pressure? (techinformed.com)
10 Critical Endpoint Security Tips You Should Know (thehackernews.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Organisations Struggle with Zero Trust: Gartner | MSSP Alert
Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)
97% of security leaders have increased SaaS security budgets - Help Net Security
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)
How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Why LLMs are predicting the future of compliance and risk management | VentureBeat
Other News
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
A Season Of Health Breaches, A Season Of Changes (forbes.com)
Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)
NCSC updates warning over hacktivist threat to CNI | Computer Weekly
The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)
During National Small Business Week, Take Steps to Secure Your Business | CISA
At Microsoft, years of security debt come crashing down | Cybersecurity Dive
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 April 2024
Black Arrow Cyber Threat Intelligence Briefing 26 April 2024:
-Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
-Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
-Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
-Ransomware Double-Dip - Re-Victimisation in Cyber Extortion
-AI is a Major Threat and Many Financial Organisations Are Not Doing Enough to Fight the Threat
-6 out of 10 Businesses Struggle to Manage Cyber Risk
-'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
-Penetration Testing Infrequency Leaves Security Gaps
-Bank Prohibited from Opening New Accounts After Regulators Lose Patience With Poor Cyber Security Governance
-The Psychological Impact of Phishing Attacks on Your Employees
-Where Hackers Find Your Weak Spots
-The Role of Threat Intelligence in Financial Data Protection
-Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.
Sources: [IT Security Guru] [Emerging Risks]
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.
According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.
Sources: [The Hacker News] [Huntress] [SC Media]
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.
Source: [Forbes]
Ransomware Double-Dip: Re-Victimisation in Cyber Extortion
A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.
Sources: [Security Magazine] [The Hacker News] [SC Media]
AI is a Major Threat and Many Financial Organisations Are Not Doing Enough
Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.
Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.
Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]
6 out of 10 Businesses Struggle to Manage Cyber Risk
A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.
Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.
Sources: [PR Newswire] [Beta News]
'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.
Source: [Security Brief] [Tripwire]
Penetration Testing Infrequency Leaves Security Gaps
Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.
The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.
Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.
Source: [MSSP Alert]
Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance
A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.
Source: [The Register]
The Psychological Impact of Phishing Attacks on Your Employees
Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.
Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.
Source: [Beta News]
Where Hackers Find Your Weak Spots
A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.
Source: [Dark Reading]
The Role of Threat Intelligence in Financial Data Protection
The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.
Source: [Security Boulevard]
Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.
Source: [TechRadar] [Security Magazine]
Governance, Risk and Compliance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Six out of 10 businesses struggle to manage cyber risk (betanews.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)
Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar
Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur
Bank banned from opening new accounts over IT risks • The Register
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com
73% of SME security pros missed or ignored critical alerts - Help Net Security
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
4 steps CISOs can take to raise trust in their business | TechTarget
NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)
Uncertainty is the most common driver of noncompliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine
Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)
'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)
Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget
Behavioural patterns of ransomware groups are changing - Help Net Security
Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)
Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)
Hackers use developing countries as testing ground for new ransomware attacks (ft.com)
Ransomware Still On Rise Despite Better Defences, Firm Says - Law360
Hackers are using developing countries for ransomware practice | Ars Technica
Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra
Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)
Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities | CISA
Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)
Ransomware Victims
Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)
UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert
UnitedHealth admits breach could affect large chunk of US • The Register
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)
UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert
UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)
Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week
Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)
Authentication failure blamed for Change Healthcare ransomware attack | CSO Online
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Carpetright unable to trade after cyber attack - Retail Gazette
Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)
Phishing & Email Based Attacks
The psychological impact of phishing attacks on your employees (betanews.com)
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)
BEC
Other Social Engineering
LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)
Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert
Artificial Intelligence
AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra
AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)
CSOs say AI is 'biggest cyber threat' to organisations | TechRadar
Man arrested for 'framing colleague' with AI-generated voice • The Register
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)
People doubt their own ability to spot AI-generated deepfakes - Help Net Security
A National Security Insider Does the Math on the Dangers of AI | WIRED
40% of organisations have AI policies for critical infrastructure | Security Magazine
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
25 cyber security AI stats you should know - Help Net Security
Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard
6 security items that should be in every AI acceptable use policy | CSO Online
'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence
The use of AI in war games could change military strategy (theconversation.com)
2FA/MFA
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Malware
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)
Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Antivirus updates hijacked to drop dangerous malware | TechRadar
Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica
Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)
Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Mobile
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
iPhone password reset attacks are real – how to protect yourself | Mashable
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)
Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET
Data Breaches/Leaks
5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)
Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News
AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)
App bug exposes 1M neighbourhood watchers to data harvesters • The Register
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)
Insider Risk and Insider Threats
Most people still rely on memory or pen and paper for password management - Help Net Security
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch
Insurance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget
Supply Chain and Third Parties
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Cloud/SaaS
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Identity and Access Management
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
Identity-based security threats are growing rapidly: report | CSO Online
Encryption
Europol asks tech firms, governments to get rid of E2EE • The Register
How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)
Australian authorities call for Big Tech help with decryption • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Most people still rely on memory or pen and paper for password management - Help Net Security
New Password Cracking Analysis Targets Bcrypt - Security Week
Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)
Social Media
Dutch govt body: Don't use Facebook if unsure about privacy • The Register
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra
Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)
Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)
A view from Brussels: To be sovereign, or not to be (iapp.org)
Cyber Security | UK Regulatory Outlook April 2024 - Lexology
Net neutrality has been restored in the US - Help Net Security
Models, Frameworks and Standards
Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard
Data Protection
Boost your data protection with insights from Dell's report - SiliconANGLE
A view from Brussels: To be sovereign, or not to be (iapp.org)
Careers, Working in Cyber and Information Security
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard
Addressing the cyber skills shortage: 5 key steps to take | CSO Online
Five Essential Steps To Land Your First Cyber Security Job (forbes.com)
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru
Law Enforcement Action and Take Downs
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Man arrested for 'framing colleague' with AI-generated voice • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)
China
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)
FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)
Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters
New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)
Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ads on .gov.uk websites raise eyebrows over privacy • The Register
Russia
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)
Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)
Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)
Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)
Iran
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)
North Korea
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert
Automated patch management: 9 best practices for success | TechTarget
Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Vulnerabilities
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Google Patches Critical Chrome Vulnerability - Security Week
Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)
Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)
GitHub vulnerability leaks sensitive security reports | TechTarget
New Password Cracking Analysis Targets Bcrypt - Security Week
Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)
Tools and Controls
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert
The Role of Threat Intelligence in Financial Data Protection - Security Boulevard
Automated patch management: 9 best practices for success | TechTarget
Rethinking How You Work with Detection and Response Metrics (darkreading.com)
Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard
Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Explore CASB use cases before you decide to buy | TechTarget
SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek
Identity-based security threats are growing rapidly: report | CSO Online
Microsoft criticized for charging for security add-ons • The Register
5 insights from new Microsoft CNAPP guide | Microsoft Security Blog
The Peril of Badly Secured Network Edge Devices (inforisktoday.com)
VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)
The first steps of establishing your cloud security strategy - Help Net Security
40% of organizations have AI policies for critical infrastructure | Security Magazine
Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)
World´s most advanced cyber defence exercise kicks off in Tallinn
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Reports Published in the Last Week
Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)
Boost your data protection with insights from Dell's report - SiliconANGLE
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Cyber Security in the UK - House of Commons Library (parliament.uk)
Other News
Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)
Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)
UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)
Internet cable at Cali airport cut in apparent sabotage • The Register
EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)
Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)
AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga
Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly
World´s most advanced cyber defence exercise kicks off in Tallinn
Why Cyber Security Is Key To Solving Global Crises (forbes.com)
Colleges spending more than ever on cyber security efforts (insidehighered.com)
Foreign states targeting UK universities, MI5 warns - BBC News
Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)
Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 April 2024
Black Arrow Cyber Threat Intelligence Briefing 12 April 2024:
-UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
-The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
-UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
-74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions; Egress Reveals
-Why Are Many Businesses Turning to Third-Party Security Partners?
-60% of SMBs and 74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
-Cyber Attacks Cost Financial Firms $12bn Says IMF
-LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
-Most Cyber Criminal Threats are Concentrated in Just a Few Countries
-Why Incident Response is the Best Cyber Security ROI
-Ransomware Attacks are the Canaries in the Cyber Coal Mine
-Cyber Security is Crucial, but What is Risk and How do You Assess it?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.
It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.
Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]
Cyber Attacks Cost Financial Firms $12bn Says IMF
A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.
The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.
Source: [Finextra]
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.
Source: [Inc.com]
UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.
Source: [The Record Media]
74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions
The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.
The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.
Source: [The Fintech Times]
Why Are Many Businesses Turning to Third-Party Security Partners?
In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.
Source: [Help Net Security]
74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.
Sources: [Malwcv arebytes][Marketplace] [US Chamber]
LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.
Source: [Bleepingcomputer]
Most Cyber Criminal Threats are Concentrated in Just a Few Countries
Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.
Sources: [ThisisOxfordshire] [Phys Org]
Why Incident Response is the Best Cyber Security ROI
The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CSO Online]
Ransomware Attacks are the Canaries in the Cyber Coal Mine
A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.
Sources: [Silicon Republic] [The Hill]
Cyber Security is Crucial, but What is Risk and How do You Assess it?
Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?
One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.
Sources: [Security Boulevard] [International Banker]
Governance, Risk and Compliance
Cyber attacks cost financial firms $12bn says IMF (finextra.com)
UK business falling short on cybersecurity warns government report (computing.co.uk)
60% of small businesses are concerned about cyber security threats | Malwarebytes
Cyber attacks on small businesses are on the rise - Marketplace
What is cyber security risk & how to assess - Security Boulevard
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)
Why are many businesses turning to third-party security partners? - Help Net Security
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Why incident response is the best cyber security ROI | CSO Online
Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra
Large businesses struggle to tackle cyber threats (betanews.com)
Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)
The state of secrets security: 7 action items for better managing risk - Security Boulevard
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Why cyberpsychology is such an important part of effective cyber security | CSO Online
Cyber Security in the Evolving Threat Landscape (securityaffairs.com)
How CISOs can make themselves ready to serve on the board | CSO Online
CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surged 110pc last month, report claims (siliconrepublic.com)
Ransomware attacks are the canaries in the cyber coal mine | The Hill
Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)
Ransomware group maturity should influence ransom payment decision - Help Net Security
Proactive and Reactive Ransomware Protection Strategies - Security Boulevard
How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security
CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)
LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)
Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)
Ransomware Victims
Second ransomware gang says it’s extorting Change Healthcare • The Register
Targus says it is facing major cyber attack, global operations hit | TechRadar
Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)
Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
How malicious email campaigns continue to slip through the cracks - Help Net Security
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)
Phishing Detection and Response: What You Need to Know - Security Boulevard
Other Social Engineering
Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
Artificial Intelligence
China is using generative AI to carry out influence operations (securityaffairs.com)
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
AI risks under the auditor's lens more than ever - Help Net Security
Speed of AI development is outpacing risk assessment | Ars Technica
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)
2FA/MFA
Malware
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)
ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Mobile
Denial of Service/DoS/DDOS
How Nation-State DDoS Attacks Impact Us All (darkreading.com)
DDoS Protection Needs Detective and Preventive Controls (darkreading.com)
French cities knocked offline by 'large-scale cyber attack' • The Register
Internet of Things – IoT
Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News
Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)
EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
Hotel check-in terminal leaks rafts of guests' room codes • The Register
Data Breaches/Leaks
Many of the world's biggest companies reported data breaches last year | TechRadar
US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
37% of publicly shared files expose personal information - Help Net Security
Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)
Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)
AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Taxi software vendor exposes personal details of nearly 300K • The Register
Employee credentials leaked in Microsoft security lapse (techmonitor.ai)
Organised Crime & Criminal Actors
Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Cyber crooks poison GitHub search to fool developers | Computer Weekly
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Insider Risk and Insider Threats
Microsoft employees exposed internal passwords in security lapse | TechCrunch
Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard
Insurance
US insurers using drones to deny home insurance policies • The Register
Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard
Supply Chain and Third Parties
Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Encryption
Linux and Open Source
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com
Supply chain attack sends shockwaves through open-source community | CyberScoop
German state ditches Microsoft for Linux and LibreOffice | ZDNET
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)
Passwords, Credential Stuffing & Brute Force Attacks
Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)
Microsoft employees exposed internal passwords in security lapse | TechCrunch
CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)
Social Media
Regulations, Fines and Legislation
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)
CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Models, Frameworks and Standards
HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra
Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED
China is using generative AI to carry out influence operations (securityaffairs.com)
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)
Russia
Germany to launch cyber military branch to combat Russian threats (therecord.media)
US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch
Macron: Russia will target Paris Olympics (insidethegames.biz)
Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times
Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)
Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)
Vulnerability Management
Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard
How exposure management elevates cyber resilience - Help Net Security
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
Vulnerabilities
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)
Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products - Security Week
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Security Week
Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers - Security Week
Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)
New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)
Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)
Microsoft fixes five security vulnerabilities in Edge 123 - Neowin
Cisco Warns of Vulnerability in Discontinued Small Business Routers - Security Week
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)
Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)
Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Fortinet Patches Critical RCE Vulnerability in FortiClientLinux - Security Week
Researchers Resurrect Spectre v2 Attack Against Intel CPUs - Security Week
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)
Tools and Controls
Seven ways to be sure you can restore from backup | Computer Weekly
Why incident response is the best cyber security ROI | CSO Online
Improving Dark Web Investigations with Threat Intelligence | Recorded Future
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
What is cyber security risk & how to assess - Security Boulevard
Your Guide to Threat Detection and Response - Security Boulevard
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
How exposure management elevates cyber resilience - Help Net Security
Phishing Detection and Response: What You Need to Know - Security Boulevard
The state of secrets security: 7 action items for better managing risk - Security Boulevard
How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)
How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security
Reports Published in the Last Week
Other News
Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)
OODA Loop - The Water Sector Is Being Threatened. That Should Worry Everyone
France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget
The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
Financial sector cyber security at the helm of investor protection | Mint (livemint.com)
US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)
Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)
Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld
Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 October 2023
Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:
-More Companies Adopt Board-Level Cyber Security Committees
-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
-More Than 46 Million Potential Cyber Attacks Logged Every Day
-Fighting Cyber Attacks Requires Top-Down Approach
-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023
-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
-How Cyber Security Has Evolved in The Past 20 Years
-Rising Global Tensions Could Portend Destructive Hacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Companies Adopt Board-Level Cyber Security Committees
In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.
Source: [Decipher]
Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.
Sources: [Dark Reading] [SC Magazine] [Reinsurance News]
Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.
Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]
More Than 46 Million Potential Cyber Attacks Logged Every Day
New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.
Sources: [Evening Standard] [Proactive] [The Independent]
Fighting Cyber Attacks Requires Top-Down Approach
Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.
Source: [Chief Investment Officer]
Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023
The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.
Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [Security Magazine] [MSSP Alert] [TechRadar]
98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.
Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]
48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Security Magazine]
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.
We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.
Source: [Dark Reading]
How Cyber Security Has Evolved in The Past 20 Years
Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.
The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.
Source: [Forbes]
Rising Global Tensions Could Portend Destructive Hacks
Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.
Source: [Info Risk Today]
Governance, Risk and Compliance
Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
How to establish a great security awareness culture (att.com)
More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)
Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)
SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)
AI-related security fears drive 2024 IT spending - Help Net Security
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)
Ransomware is threatening more businesses than ever before | TechRadar
Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)
Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)
Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist
Five things organisations don’t consider before a ransomware attack | TechRadar
Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR
Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)
BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)
Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg
Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)
Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News
Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware Victims
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week
US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)
Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)
American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)
Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)
Cyber crims leak patient pics in low blow bid to win ransom • The Register
Phishing & Email Based Attacks
Over 200 million malicious emails were detected in Q3 2023 | Security Magazine
Watch out - that QR code could just be a phishing scam | TechRadar
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Email security threats are more dangerous than ever - here's what you need to know | TechRadar
What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert
The US released popular phishing techniques | Inquirer Technology
Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE
Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
AI-related security fears drive 2024 IT spending - Help Net Security
Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly
Governments, firms should spend more on AI safety, top researchers say | Reuters
Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)
Businesses ignorant to gen AI security threats suggests research (ship-technology.com)
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Oops! When tech innovations create new security threats | CSO Online
2FA/MFA
Malware
Hackers are using an incredibly sneaky trick to hide malware | Digital Trends
Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)
Dangerous new malware can crack encrypted USB drives | TechRadar
'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Mobile
Android trojan spotted in the wild can record audio and phone calls | ZDNET
Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News
Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)
Android adware apps on Google Play amass two million installs (bleepingcomputer.com)
Denial of Service/DoS/DDOS
This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)
Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Okta says hackers breached its support system and viewed customer files | Ars Technica
Okta support system breach highlights need for strong MFA policies | CSO Online
1Password suffers cyber security incident after latest Okta breach - Tech Monitor
Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)
City of Philadelphia discloses data breach after five months (bleepingcomputer.com)
500k Irish National Police records exposed by third party • The Register
The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)
Organised Crime & Criminal Actors
More than 500 potential cyber attacks logged every second, BT says | The Independent
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insider Risk and Insider Threats
Forget the outside hacker, the bigger threat is inside • The Register
Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Fraud, Scams & Financial Crime
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)
Online scammers target desperate loan seekers using online fraud | TechRadar
Christmas scams to watch out for this festive season (nationalworld.com)
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Deepfakes
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insurance
Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)
Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra
Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Passwords, Credential Stuffing & Brute Force Attacks
Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)
'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)
Social Media
Malvertising
Training, Education and Awareness
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Regulations, Fines and Legislation
Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
UK government finalises IoT cyber security requirements - Lexology
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)
Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
‘I’m looking for fewer ways to be traceable, not more’ | Financial Times
Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)
ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)
International Criminal Court attack was targeted and sophisticated (securityaffairs.com)
Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)
It's Time to Establish the NATO of Cyber Security (darkreading.com)
War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360
International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
Geopolitical Threats/Activity
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
China
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)
Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live
Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)
Russia
Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International
Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)
Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)
Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert
France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Ex-NSA techie admits to selling state secrets to Russia • The Register
Iran
North Korea
Vulnerability Management
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Vulnerabilities
Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)
Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly
Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
Cisco hackers likely taking steps to avoid identification | Computer Weekly
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)
Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week
The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Apple Ships Major iOS, macOS Security Updates - Security Week
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
ServiceNow quietly fixes 8-year-old data exposure flaw • The Register
Tools and Controls
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber attack response plans need to be in place to avoid chaos - FreightWaves
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
What is Network Segmentation? Virtual & Physical Segmentation | UpGuard
AI-related security fears drive 2024 IT spending - Help Net Security
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)
Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)
Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)
Cyber security concerns grow among physical security professionals | Security Magazine
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Other News
MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online
Strategies to overcome cyber security misconceptions - Help Net Security
UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online
5 important cyber security takeaways for law firms - Lawyers Weekly
How Cyber Security Has Evolved In The Past 20 Years (forbes.com)
Oops! When tech innovations create new security threats | CSO Online
Spooky Cyber Statistics And Trends You Need To Know (forbes.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Proactively preventing your company from becoming the next cyber attack headline (betanews.com)
Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon
Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review
OT cyber attacks proliferating despite growing cyber security spend - Help Net Security
Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)
What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)
Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 July 2023
Black Arrow Cyber Threat Briefing 07 July 2023:
-Cyber Attacks Against Mobile Devices Growing Fast
-One Third of Security Breaches Go Unnoticed by Security Professionals
-Cyber Security Experts Have Become Targets for Board Seats
-Phishing Attack Prevention as Email Attacks Surge Over 450%
-Outsmarting Business Email Compromise Scammers
-Small Organisations Face Security Threats on a Limited Budget
-Cloud Security: Sometimes the Risks May Outweigh the Rewards
-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
-75% of Consumers Prepared to Ditch Brands Hit by Ransomware
-Scammers Using AI Voice Technology to Commit Crimes
-What are the Causes of Data Loss and What it the Impact on Your Organisation?
-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Against Mobile Devices Growing Fast
A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year. The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.
It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.
https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users
One Third of Security Breaches Go Unnoticed by Security Professionals
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.
The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.
https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/
Cyber Security Experts Have Become Targets for Board Seats
The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.
The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.
CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.
https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html
Phishing Attack Prevention as Email Attacks Surge Over 450%
A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.
In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.
https://cybersecuritynews.com/phishing-attack-prevention-checklist/
Outsmarting Business Email Compromise (BEC) Scammers
Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.
There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.
https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers
Small Organisations Face Security Threats on a Limited Budget
Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.
The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.
https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/
Cloud Security: Sometimes the Risks May Outweigh the Rewards
Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.
Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.
https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/
https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.
From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.
https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks
75% of Consumers Prepared to Ditch Brands Hit by Ransomware
As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.
While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.
https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/
Scammers Using AI Voice Technology to Commit Crimes
The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.
The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.
https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/
What are the Causes of Data Loss and What it the Impact on Your Organisation?
In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.
It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.
https://securityaffairs.com/148086/security/impacts-of-data-loss.html
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.
One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.
Governance, Risk and Compliance
Cyber Security experts have become targets for board seats (cnbc.com)
The Impacts of Data Loss on Your Organisation -Security Affairs
One third of security breaches go unnoticed by security professionals - Help Net Security
Small organisations face security threats on a limited budget - Help Net Security
How to cultivate a culture of continuous cyber Security improvement - Help Net Security
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of consumers prepared to ditch brands hit by ransomware - Help Net Security
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)
Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)
Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)
The rise in cyber extortion attacks and its impact on business security - Help Net Security
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek
Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs
Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
How ransomware impacts the healthcare industry - Help Net Security
June saw flurry of ransomware attacks on education sector | TechTarget
Decryption tool for Akira ransomware available for free | Tripwire
Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert
Ransomware Victims
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg
UCLA among victims of worldwide cyber attack – NBC Los Angeles
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
Chipmaker TSMC says supplier targeted in cyber Attack | Reuters
MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert
Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)
African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Quishing on the rise: How to prevent QR code phishing | TechTarget
Why cyberpsychology is such an important part of effective cyber Security | CSO Online
Artificial Intelligence
Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times
AI-generated attack vectors cyber Security should watch for (fastcompany.com)
OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
GPT-4 is great at infuriating telemarketing scammers • The Register
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Malware
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
CISA: Truebot malware infecting networks in US, Canada | TechTarget
Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
Mobile
Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek
Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)
Android users at risk as banking trojan targets more apps | Fox News
Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert
We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Botnets
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Denial of Service/DoS/DDOS
CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Data Breaches/Leaks
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)
Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
The Impacts of Data Loss on Your Organisation- Security Affairs
Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)
OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop
28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)
Support from British businesses crucial in removing over... - NCSC.GOV.UK
GPT-4 is great at infuriating telemarketing scammers • The Register
Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Deepfakes
Scammers using AI voice technology to commit crimes - Help Net Security
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
AML/CFT/Sanctions
Insurance
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)
Cyber insurance rates drop 10% in June, report says | Reuters
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Dark Web
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Japan rebukes Fujitsu for cloud security fails • The Register
IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security
Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)
11 best practices for securing data in the cloud | Microsoft Security Blog
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Attack Surface Management
Encryption
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)
Social Media
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
European companies slam the EU’s incoming AI regulations in open letter - The Verge
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru
3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)
Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)
CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru
Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)
ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Satellite system used by Russian military is hacked - The Washington Post
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)
China
US authorities warn on China’s new counter-espionage la' • The Register
Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research
Chinese threat actor attacks diplomats across Europe • The Register
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Iran
Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
North Korea
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
North Korean satellite had no military utility for spying • The Register
Misc/Other/Unknown
Vulnerability Management
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Vulnerabilities
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)
Microsoft puts out Outlook fire, downplays Teams flaw • The Register
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek
Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)
Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)
StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)
Tools and Controls
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Small organisations face security threats on a limited budget - Help Net Security
11 best practices for securing data in the cloud | Microsoft Security Blog
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Reports Published in the Last Week
Other News
Foreign spies hacked government 20 years ago (thetimes.co.uk)
GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)
Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru
Hacks targeting British exam boards raise fears of students cheating (therecord.media)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
Is your browser betraying you? Emerging threats in 2023 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 April 2023
Black Arrow Cyber Threat Briefing 21 April 2023:
-March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
-Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
-One in Three Businesses Faced Cyber Attacks Last Year
-Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
-Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
-Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
-83% of Organizations Paid Up in Ransomware Attacks
-Security is a Revenue Booster, Not a Cost Centre
-EX-CEO Gets Prison Sentence for Bad Security
-Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
-KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
-Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber-Attack
-Outdated Cyber Security Practices Leave Door Open for Criminals
-Quantifying cyber risk vital for business survival
-Recycled Network Devices Exposing Corporate Secrets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.
The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.
Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.
The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:
Keeping up with threat intelligence (70%)
Allocating cyber security resources and budget (47%)
Visibility into all assets connected to the network (44%)
Compliance and regulation (39%)
Convergence of IT and OT (32%)
The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.
One in Three Businesses Faced Cyber Attacks Last Year
Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.
Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.
https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html
Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged
Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.
Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.
Cobalt’s recent report found:
Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.
Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.
Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.
https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/
Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.
Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
83% of Organisations Paid Up in Ransomware Attacks
A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.
Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.
https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/
Security is a Revenue Booster, Not a Cost Centre
Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.
For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.
In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.
https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center
Ex-CEO Gets Prison Sentence for Bad Security
A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.
Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.
The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.
Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/
KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.
The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.
Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.
Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack
Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
Outdated Cyber Security Practices Leave Door Open for Criminals
A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/
Quantifying Cyber Risk Vital for Business Survival
Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.
https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/
Recycled Network Devices Exposing Corporate Secrets
Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.
Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.
In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.
The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.
https://www.infosecurity-magazine.com/news/recycled-network-exposing/
Threats
Ransomware, Extortion and Destructive Attacks
83% of organisations paid up in ransomware attacks | VentureBeat
March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)
RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek
LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)
Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch
Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs
Black Basta claims it's selling off stolen Capita data • The Register
Ransomware reinfection and its impact on businesses - Help Net Security
Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)
Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)
Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)
Medusa ransomware crew boasts of Microsoft code leak • The Register
New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)
Phishing & Email Based Attacks
New Qbot campaign delivers malware by hijacking business emails | CSO Online
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET
UK government employees receive average of 2,246 malicious emails per year - IT Security Guru
BEC – Business Email Compromise
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
US charges three men with six million dollar business email compromise plot | Tripwire
2FA/MFA
Malware
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)
US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)
New QBot campaign delivered hijacking business correspondenceSecurity Affairs
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)
'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)
What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)
Mobile
Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
Botnets
Internet of Things – IoT
Military helicopter crash blamed on missing software patch • The Register
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Five Eye nations release new guidance on smart city cyber security | CSO Online
Data Breaches/Leaks
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek
Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek
Organised Crime & Criminal Actors
Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)
Standardized data collection methods can help fight cyber crime | TechTarget
Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Insider Risk and Insider Threats
Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert
HR Magazine - UK government plans to make businesses liable for employee fraud
Top risks and best practices for securely offboarding employees | CSO Online
How to Strengthen your Insider Threat Security - IT Security Guru
Fraud, Scams & Financial Crime
Pre-pandemic techniques are fueling record fraud rates - Help Net Security
HR Magazine - UK government plans to make businesses liable for employee fraud
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
Three charged over banking fraud for hire website | Computer Weekly
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur
FTC orders payments firm to pay $650k over tech support scam • The Register
Scammers using social media to dupe people into becoming money mules - Help Net Security
AML/CFT/Sanctions
Insurance
Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)
Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online
Dark Web
Supply Chain and Third Parties
Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)
Lazarus APT group employed Linux Malware in recent attacks-Security Affairs
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Software Supply Chain
Cloud/SaaS
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
Linux kernel logic allowed Spectre attack on major cloud • The Register
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
Is there really a march from the public cloud back on-prem? | TechCrunch
Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs
Attack Surface Management
Shadow IT
Identity and Access Management
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)
The biggest data security blind spot: Authorization - Help Net Security
Encryption
API
Open Source
Linux kernel logic allowed Spectre attack on major cloud • The Register
Security beyond software: The open source hardware security evolution - Help Net Security
Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian
Scammers using social media to dupe people into becoming money mules - Help Net Security
Regulations, Fines and Legislation
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Brit cops rapped over app that recorded 200k phone calls • The Register
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Governance, Risk and Compliance
Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)
Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security
'One in three firms faced cyber attacks last year' (aol.co.uk)
Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com
Quantifying cyber risk vital for business survival - Help Net Security
Wargaming an effective data breach playbook - Help Net Security
Outdated cyber security practices leave door open for criminals - Help Net Security
CISOs struggling to protect sensitive data records - Help Net Security
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)
Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
Ex-CIO must pay £81k over Total Shambles Bank migration • The Register
Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security
Top risks and best practices for securely offboarding employees | CSO Online
How companies are struggling to build and run effective cyber security programs - Help Net Security
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)
Secure Disposal
Backup and Recovery
Data Protection
Government reprimanded for serious breaches of data protection law - Jersey Evening Post
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Brit cops rapped over app that recorded 200k phone calls • The Register
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Three charged over banking fraud for hire website | Computer Weekly
US citizens charged with pushing pro-Kremlin disinformation • The Register
Privacy, Surveillance and Mass Monitoring
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
What the Recent Collapse of SVB Means for Privacy (darkreading.com)
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Artificial Intelligence
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online
Pen testing amid the rise of AI-powered threat actors | TechTarget
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register
AI-created malware sends shockwaves through cybersecurity world | Fox News
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)
ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers targeting UK more frequently (thetimes.co.uk)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)
Meet the hacker armies on Ukraine's cyber front line - BBC News
Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)
Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
US citizens charged with pushing pro-Kremlin disinformation • The Register
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
How cyber support to Ukraine can build its democratic future | CyberScoop
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)
Britain sounds alarm on spyware, mercenary hacking market | Reuters
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
The UK will need more than words in this cyber war | Financial Times (ft.com)
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)
Nation State Actors
BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)
3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)
UK security chief’s alert over threat from China (thetimes.co.uk)
Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)
US charges 44 members of alleged Chinese troll army • The Register
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Vulnerability Management
Military helicopter crash blamed on missing software patch • The Register
Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Vulnerabilities
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)
Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)
Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs
VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek
Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)
Tools and Controls
Pen testing amid the rise of AI-powered threat actors | TechTarget
7 countries unite to push for secure-by-design development | CSO Online
Wargaming an effective data breach playbook - Help Net Security
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)
Microsoft opens up Defender with file hash, URL search • The Register
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek
CISOs struggling to protect sensitive data records - Help Net Security
AI defenders ready to foil AI-armed attackers • The Register
Newer Authentication Tech a Priority for 2023 (darkreading.com)
Other News
Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop
Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)
How to defend against TCP port 445 and other SMB exploits | TechTarget
Criminal Records Service still disrupted 4 weeks after hack - BBC News
Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)
EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 February 2023
Black Arrow Cyber Threat Briefing 03 February 2023:
-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
-The Corporate World is Losing its Grip on Cyber Risk
-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside
-98% of Organisations Have a Supply Chain Relationship That Has Been Breached
-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
-Financial Services Targeted in 28% of UK Cyber Attacks Last Year
-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For
-City of London on High Alert After Ransomware Attack
-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC). Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.
Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject. When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.
"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.
BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.
The Corporate World is Losing its Grip on Cyber Risk
Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.
But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.
But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”
The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.
https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906
Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.
Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.
Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.
Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk. The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.
Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year.
In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.
The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside
A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training.
98% of Organisations Have a Supply Chain Relationship That Has Been Breached
A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.
In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.
Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.
The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable. It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.
Financial Services Targeted in 28% of UK Cyber Attacks Last Year
Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.
https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/
Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For
Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.
The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.
City of London on High Alert After Ransomware Attack
A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.
JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.
https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79
Threats
Ransomware, Extortion and Destructive Attacks
City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)
New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Copycat Criminals mimicking Lockbit gang in northern Europe security affairs
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg
Regulators weigh in on ION attack as LockBit takes credit • The Register
New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)
Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)
Schools don't pay, but ransomware attacks still increasing | TechTarget
Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Nevada Ransomware Has Released Upgraded Locker security affairs
LockBit Green ransomware variant borrows code from Conti one security affairs
Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)
Ransomware attacks on public sector persist in January | TechTarget
Ransomware attack on data firm ION could take days to fix -sources | Reuters
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Phishing & Email Based Attacks
Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)
Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)
PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Malvertising attacks are distributing .NET malware loaders • The Register
Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)
Mobile
Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)
Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Botnets
Denial of Service/DoS/DDOS
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)
Internet of Things – IoT
IoT, connected devices biggest contributors to expanding application attack surface | CSO Online
European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)
Anker finally comes clean about its Eufy security cameras - The Verge
Data Breaches/Leaks
JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)
Organised Crime & Criminal Actors
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
6 Examples of the Evolution of a Scam Site (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Insider Risk and Insider Threats
Insider attacks becoming more frequent, more difficult to detect - Help Net Security
Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)
The next cyber threat may come from within - Help Net Security
Insider threats: The cyber risks lurking in the dark (betanews.com)
Former Ubiquiti dev pleads guilty to data theft, extortion • The Register
Fraud, Scams & Financial Crime
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek
6 Examples of the Evolution of a Scam Site (darkreading.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire
Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Dark Web
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
Supply Chain and Third Parties
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek
Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online
CISA to Open Supply Chain Risk Management Office (darkreading.com)
Cloud/SaaS
Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online
Hybrid cloud storage security challenges - Help Net Security
Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security
Containers
Encryption
Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)
Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek
API
The emergence of trinity attacks on APIs - Help Net Security
API management (APIM): What It Is and Where It’s Going security affairs
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News
KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)
Social Media
Inside TikTok’s proposal to address US national security concerns | CyberScoop
Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Regulators weigh in on ION attack as LockBit takes credit • The Register
New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online
Governance, Risk and Compliance
Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security
Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)
The corporate world is losing its grip on cyber risk | Financial Times (ft.com)
Careers, Working in Cyber and Information Security
The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek
Economic headwinds could deepen the cyber security skills shortage | CSO Online
Law Enforcement Action and Take Downs
7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Hacker accused of having stolen personal data of all Austrians security affairs
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Privacy, Surveillance and Mass Monitoring
On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)
Hacker accused of having stolen personal data of all Austrians security affairs
Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)
Artificial Intelligence
Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online
OpenAI releases tool to detect AI-written text (bleepingcomputer.com)
Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Nation State Actors
Nation State Actors – Russia
Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)
Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Nation State Actors – China
Google deletes 50,000 pro-China fake-news vids and blogs • The Register
TikTok CEO to testify before US. Congress over security concerns | Reuters
Nation State Actors – North Korea
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The future of vulnerability management and patch compliance - Help Net Security
What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)
Vulnerabilities
Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)
Patch management is crucial to protect Exchange servers, Microsoft warns security affairs
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)
Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)
Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)
Why you might not be done with your January Microsoft security patches | CSO Online
HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)
High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs
Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)
Threat activity increasing around Fortinet VPN vulnerability | TechTarget
Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online
Tools and Controls
Other News
We can't rely on goodwill to protect our critical infrastructure - Help Net Security
Playing Military Sim War Thunder May Get You Classed as a National Security Risk
Cyber attacks in space: How safe are our satellites? | Metro News
Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 November 2022
Black Arrow Cyber Threat Briefing 25 November 2022:
-Hackers Hit One Third of Organisations Worldwide Multiple Times
-Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
-90% of Organisations have Microsoft 365 Security Gaps
-Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
-“Password” Continues to Be the Most Common Password in 2022
-Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
-European Parliament Declares Russia to be a State Sponsor of Terrorism – then Gets Attacked
-The Changing Nature of Nation-State Cyber Warfare
-Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Hit One Third of Organisations Worldwide Multiple Times
Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
Business Email Compromise (BEC)
Clickjacking
Fileless attacks
Ransomware
Login attacks (Credential Theft)
Here are some key findings from the study:
The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.
The number now expected to be compromised over the coming year has also increased from 76% to 85%.
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0
By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.
You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.
Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.
Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.
According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.
The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.
These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.
Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.
Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.
The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.
In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.
Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.
https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/
90% of Organisations have Microsoft 365 Security Gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?
Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:
90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins
87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
Only 17% of companies had strong password requirements that were being consistently followed.
Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.
In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:
The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.
17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.
Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.
The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.
“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.
“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.
As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.
The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.
https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.
In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.
A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.
Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
“Password” Continues to Be the Most Common Password in 2022
You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.
But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.
As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.
“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.
“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”
Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.
“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.
The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).
Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.
It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.
At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.
https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked
On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.
As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.
In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.
Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.
The Changing Nature of Nation-State Cyber Warfare
Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.
The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.
Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.
The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.
https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/
Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.
Threats
Ransomware and Extortion
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Fake subscription invoices lead to corporate data theft and extortion - Help Net Security
Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)
New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)
Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)
An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs
Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
Cybereason warns of fast-moving Black Basta campaign (techtarget.com)
Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)
Montreal-area city hit by ransomware: Report | IT World Canada News
Phishing & Email Based Attacks
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)
World Cup phishing emails spike in Middle Eastern countries • The Register
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
SocGholish finds success through novel email techniques | SC Media (scmagazine.com)
BEC – Business Email Compromise
Malware
Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online
A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot
Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs
All You Need to Know About Emotet in 2022 (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)
This new malware is able to bypass all of Microsoft's security warnings | TechRadar
Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)
Mobile
'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)
Your iPhone may be collecting more personal data than you think | Digital Trends
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WhatsApp data leak: 500 million user records for sale | Cybernews
Internet of Things – IoT
Data Breaches/Leaks
WhatsApp data leak: 500 million user records for sale - Security Affairs
California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com
Organised Crime & Criminal Actors
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News
Hackers are locking out Mars Stealer operators from their own servers | TechCrunch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)
Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)
Fraud, Scams & Financial Crime
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Beware - Black Friday online shopping scams are here now | TechRadar
Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online
Pig butchering domains seized and slaughtered by the Feds • The Register
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Hybrid/Remote Working
Identity and Access Management
Encryption
API
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Three security design principles for public REST APIs - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
Guess the most common password. Hint: We just told you • The Register
World Cup Players Among Most Breached Passwords - IT Security Guru
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)
Social Media
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)
Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)
Musk to abused Twitter users: Your tormentors will return • The Register
Facebook sued for collecting personal data to sell adverts | News | The Times
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop
Law Enforcement Action and Take Downs
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
iPhones are not as privacy-focused as Apple claims, researchers point out - India Today
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine shows how space is now central to warfare | Financial Times (ft.com)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
EU Parliament Putin things back together after cyber attack • The Register
Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post
Scotland's broadband builder linked to Israeli spyware | HeraldScotland
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors – China
Vulnerability Management
Vulnerabilities
73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
AWS fixes 'confused deputy' vulnerability in AppSync • The Register
How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)
Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)
Security experts are laying Mastodon's flaws bare | TechRadar
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Reports Published in the Last Week
Other News
Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online
Security Culture Matters when IT is Decentralized (trendmicro.com)
Legacy IT system modernization largely driven by security concerns - Help Net Security
Been Doing It The Same Way For Years? Think Again. (thehackernews.com)
Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews
Deloitte reveals 10 strategic cyber security predictions for 2023 | VentureBeat
The Biden administration has racked up a host of cyber security accomplishments | CSO Online
US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 October 2022
Black Arrow Cyber Threat Briefing 28 October 2022:
-‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
-Ransomware Threat Shifts from US to EMEA and APAC
-Phishing Attacks Increase by Over 31% In Third Quarter
-UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
-HR Departments Play a Key Role in Cyber Security
-The Long-Term Psychological Effects of Ransomware Attacks
-7 Hidden Social Media Cyber Risks for Enterprises
-54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
-Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before it’s Too Late
-Enterprise Ransomware Preparedness Improving but Still Lacking
-Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
-How The "pizza123" Password Could Take Down an Organisation
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.
The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.
The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.
John Edwards, UK Information Commissioner, said:
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.
“Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”
Ransomware Threat Shifts from US to EMEA and APAC
The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.
The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.
Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).
The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.
https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/
Phishing Attacks Increase by Over 31% In Third Quarter
Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.
Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.
According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.
As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.
While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.
The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.
As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.
UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.
UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.
According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.
Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.
Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.
https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html
HR Departments Play a Key Role in Cyber Security
A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.
Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.
Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.
Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.
To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.
https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity
The Long-Term Psychological Effects of Ransomware Attacks
Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.
The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.
They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.
Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.
Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”
One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.
A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”
https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/
7 Hidden Social Media Cyber Risks for Enterprises
Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.
According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.
And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.
With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.
Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.
https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.
An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.
Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.
The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.
41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.
Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.
Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late
According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.
One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.
The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.
Enterprise Ransomware Preparedness Improving but Still Lacking
The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.
Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.
The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.
With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:
network security (43%)
backup infrastructure security (40%)
endpoint security (39%)
email security (36%)
data encryption (36%)
Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.
Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.
If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.
But why now? And who is responsible for this latest wave of cyber attacks?
In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.
Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.
Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.
Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.
How The "pizza123" Password Could Take Down an Organisation
Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.
The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.
The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.
After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.
Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.
People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.
Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.
Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.
Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.
Threats
Ransomware and Extortion
SonicWall: Ransomware down this year, but there’s a catch • The Register
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)
How to detect Windows worm that now distributes ransomware • The Register
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)
BlackByte ransomware affiliate also steals victims' data • The Register
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
CISA warns of ransomware attacks on healthcare providers (techtarget.com)
Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)
Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)
Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)
Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)
Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)
Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)
Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Social engineering attacks anybody could fall victim to - Help Net Security
Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com
Malware
Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)
Types of cloud malware and how to defend against them (techtarget.com)
Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)
Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)
Mobile
Internet of Things – IoT
IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)
IoT security strategy from enterprises using connected devices | Network World
Your CCTV devices can be hacked and weaponized - Help Net Security
Data Breaches/Leaks
Thomson Reuters leaked at least 3TB of sensitive data | Cybernews
See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)
Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)
Organised Crime & Criminal Actors
Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)
Interpol says metaverse opens up new world of cyber crime | Reuters
From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register
Cryptomining campaign abused free GitHub account trials (techtarget.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)
LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)
Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)
Insurance
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)
Dark Web
Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)
Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)
British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs
Software Supply Chain
How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
Consumer behaviours are the root of open source risk - Help Net Security
Denial of Service DoS/DDoS
Key observations on DDoS attacks in H1 2022 - Help Net Security
Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica
Cloud/SaaS
Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)
Top Cloud Security Challenges & How to Beat Them (trendmicro.com)
Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)
Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)
Hybrid Working
Balancing remote work privacy vs. productivity monitoring (techtarget.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
Attack Surface Management
Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)
Asset risk management: Getting the basics right - Help Net Security
Encryption
New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)
API
Open Source
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why it's time to expire mandatory password expiration policies (techtarget.com)
Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica
Biometrics
Social Media
LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)
LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)
Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)
Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)
Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Data Protection
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)
Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Russia says Starlink satellites could become military target • The Register
Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
Nation State Actors – China
Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert
Federal bans don't stop US states from buying Chinese kit • The Register
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerabilities
OpenSSL to fix the second critical flaw ever - Security Affairs
Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)
ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)
Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)
Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)
Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com
Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security
Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com
VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs
VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com
Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs
Other News
Cyber Security Risks & Stats This Spooky Season (darkreading.com)
Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)
Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)
Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security
Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)
Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)
Why dark data is a growing danger for corporations - Help Net Security
Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 September 2022
Black Arrow Cyber Threat Briefing 16 September 2022
-CFOs’ Overconfidence in Cyber Security Can Cost Millions
-Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
-Attackers Can Compromise Most Cloud Data in Just 3 Steps
-Cyber Insurance Premiums Soar 80% As Claims Surge
-One In 10 Employees Leaks Sensitive Company Data Every 6 Months
-Business Application Compromise & the Evolving Art of Social Engineering
-SMBs Are Hardest-Hit By Ransomware
-65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
-Four-Fifths of Firms Hit by Critical Cloud Security Incident
-Homeworkers Putting Home and Business Cyber Safety at Risk
-Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
-IHG hack: 'Vindictive' couple deleted hotel chain data for fun
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CFOs’ Overconfidence in Cyber Security Can Cost Millions
Kroll announced its report entitled ‘Cyber Risk and CFOs: Over-Confidence is Costly’ which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
The report, conducted by StudioID of Industry Dive, exposed three key themes among the 180 senior finance executives surveyed worldwide:
Ignorance is bliss. Eighty-seven percent of CFOs are either very or extremely confident in their organisation’s cyber attack response. This is at odds with the level of visibility CFOs have into cyber risk issues, given only four out of 10 surveyed have regular briefings with their cyber teams.
Wide-ranging damages. 71% of the represented organisations suffered more than $5 million in financial losses stemming from cyber incidents in the previous 18 months, and 61% had suffered at least three significant cyber incidents in that time. Eighty-two percent of the executives in the survey said their companies suffered a loss of 5% or more in their valuations following their largest cyber security incident in the previous 18 months.
Increasing investment in cyber security. Forty-five percent of respondents plan to increase the percentage of their overall IT budget dedicated to information security by at least 10%.
According to Kroll: “We often see that CFOs are not aware enough of the financial risk presented by cyber threats until they face an incident. At that point, it’s clear that they need to be involved not only in the recovery, including permitting access to emergency funds and procuring third-party suppliers, but also in the strategy and investment around cyber both pre- and post-incident.”
“Ultimately, cyber attacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.”
https://www.helpnetsecurity.com/2022/09/14/cfos-cybersecurity-confidence/
Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
Nearly six in 10 IT leaders in a new study view cyber security as their top business concern, ranking it higher than inflation, retaining talent and supply chain/logistics management.
Less than half of respondents (43%) believe their critical data and assets are protected from cyber threats despite increased cyber security investments by their organisations, greater board visibility and increased collaboration between the security team and the C-suite, Rackspace said in its new survey of 1,420 IT professionals worldwide.
The multi-cloud technology services specialist said that a “large majority” of the survey respondents report being either unprepared or only “somewhat prepared” to respond to major threats, such as identifying and mitigating threats and areas of concern (62%), recovering from cyber attacks (61%) or preventing lapses and breaches (63%).
Cloud native security is where organisations are most likely to rely on an outside partner, such as a managed security service provider, for expertise.
Here are more of the survey’s findings:
The top three cyber security challenges their organisation is facing: migrating and operating apps (45%); shortage of workers with cyber security skills (39%); lack of visibility of vulnerabilities across all infrastructure (38%).
70% of survey respondents report that their cyber security budgets have increased over the past three years.
The leading recipients of new investment are cloud native security (59%); data security (50%), consultative security services (44%); and application security (41%).
Investments align closely with the areas where organisations perceive their greatest concentration of threats, led by network security (58%), closely followed by web application attacks (53%) and cloud architecture attacks (50%).
70% of respondents said there has been an increase in board visibility for cyber security over the past five years, while 69% cite better collaboration between the security team and members of the C-suite.
Only 13% of respondents said there were significant communications gaps between the security team and C-suite, while 69% of IT executives view their counterparts in the C-suite as advocates for their concerns.
The authors stated “We are seeing a major shift in how organisations are allocating resources to address cyber threats, even as budgets increase. The cloud brings with it a new array of security challenges that require new expertise, and often reliance on external partners who can help implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities”.
Attackers Can Compromise Most Cloud Data in Just 3 Steps
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.
According to an Orca Security analysis of data collected from major cloud services, attackers only need on average three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.
While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities.
The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take. Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels.
The report analysed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.
https://www.darkreading.com/cloud/cyberattackers-compromise-most-cloud-data-3-steps
Cyber Insurance Premiums Soar 80% As Claims Surge
Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by hackers.
The cost of taking out cyber cover had doubled on average every year for the past three years, said global insurance broker Marsh. Honan Group, another broker, pointed to an 80 per cent rise in premiums in the past 12 months, following a 20 per cent increase in the cost of cover in each of the previous two years.
Brokers are calling cyber “the new D&O”, referring to sharp rises in directors and officers insurance premiums since 2018. Brokers were hopeful premiums would ease, but have warned insurers would continue to demand companies prove they had strong security systems and policies in place before agreeing to sell them insurance.
There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place. They’ll just turn around and say, ‘we’re not going to insure you’. The chief reason for the price rises is the increase in the number and size of claims relating to ransomware, where criminals use malicious software to block access to an organisation’s computer system until a sum of money is paid. In addition, some insurers left the market, while remaining players attempted to recoup the cost of under-priced contracts written in previous years.
The rise in the premiums is mainly due to ransomware and cyber attacks across the board have risen sharply over the past few years.
One In 10 Employees Leaks Sensitive Company Data Every 6 Months
Departing employees are most likely to leak sensitive information to competitors, criminals or the media in exchange for cash.
Insider threats are an ongoing menace that enterprise security teams need to handle. It's a global problem but especially acute in the US, with 47 million Americans quitting their jobs in 2021. The threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern.
About 1.4 million people who handle sensitive information in their organisation globally were tracked over the period from January to June 30 this year by cyber security firm Cyberhaven to find out when, how and who is involved in data exfiltration.
On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. Data exfiltration incidents occur when data is transferred outside the organisation in unapproved ways.
Among employees that exfiltrated data, the top 1% most prolific “super stealers” were responsible for 7.7% of incidents, and the top 10% were responsible for 34.9% of incidents.
North America accounted for the highest number of incidents at 44%, followed by the Asia Pacific region at 27%. Europe, the Middle East, and Africa accounted for 24% of incidents while 5% of incidents were recorded in South America.
Business Application Compromise and the Evolving Art of Social Engineering
Social engineering is hardly a new concept, even in the world of cyber security. Phishing scams alone have been around for nearly 30 years, with attackers consistently finding new ways to entice victims into clicking a link, downloading a file, or providing sensitive information.
Business email compromise (BEC) attacks iterated on this concept by having the attacker gain access to a legitimate email account and impersonate its owner. Attackers reason that victims won't question an email that comes from a trusted source — and all too often, they're right.
But email isn't the only effective means cyber criminals use to engage in social engineering attacks. Modern businesses rely on a range of digital applications, from cloud services and VPNs to communications tools and financial services. What's more, these applications are interconnected, so an attacker who can compromise one can compromise others, too. Organisations can't afford to focus exclusively on phishing and BEC attacks — not when business application compromise (BAC) is on the rise.
SMBs Are Hardest-Hit By Ransomware
Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealing that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.
During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.
“Across industries, we continue to see high-profile attacks targeting organisations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Coalition’s Head of Claims.
“Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”
The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022.
“Organisations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”
https://www.helpnetsecurity.com/2022/09/15/small-businesses-ransomware-targets/
65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
HYCU researchers are reporting 65% of respondents lack full confidence in their legacy backup solutions (HYCU is a multi-cloud backup-as-a-service provider).
According to the report, 65% of surveyed enterprise organisations are increasing spending on detection, prevention and recovery, and respondents are beginning to understand that air-gapped or immutable backups are the only ways to ensure that the backups themselves don’t fall prey to encryption worms when ransomware hits.
Key findings include:
52% of ransomware victims suffered data loss
63% of victims suffered an operational disruption
Just 41% air gap their backups
Just 47% routinely test their backups
Only 35% of respondents believe their current backup and recovery tools are sufficient.
Four-Fifths of Firms Hit by Critical Cloud Security Incident
Some 80% of organisations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk.
The developer security specialist polled 400 cloud engineering and security practitioners from organisations of various sizes and sectors, to compile its State of Cloud Security Report.
Among the incidents flagged by respondents over the past 12 months were breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits and system downtime in the cloud.
Startups (89%) and public sector organisations (88%) were the most likely to have suffered such an incident over the period.
The bad news is that 58% of respondents predict they will suffer another severe incident in the cloud over the coming year. Over three-quarters (77%) of those questioned cited poor training and collaboration as a major challenge in this regard.
“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.
https://www.infosecurity-magazine.com/news/fourfifths-firms-critical-cloud/
Homeworkers Putting Home and Business Cyber Safety at Risk
BlackBerry published a European research report exposing the cyber security risk created by cost-conscious homeworkers who prioritise security behind price, usability and ease of set up in their purchase of domestic smart devices.
32% of European home workers who own a smart device surveyed said security was a top three factor when choosing a smart device, compared to 50% who prioritised price. 28% of businesses aren’t putting adequate security provisions in place to extend cyber protection as far as homes. This heightens the risk of cyber attacks for businesses and their employees, as hybrid and home working become the norm.
The survey of 4,000 home workers in the UK, France, Germany, and the Netherlands revealed that 28% of people say that their employer has not done or communicated anything about protecting their home network or smart devices, or they don’t know if they are protected.
Furthermore, 75% of Europeans say their employers have taken no steps to secure the home internet connection or provide software protection for home devices. This failure to extend network security to home devices increases risk of the vulnerabilities created by hybrid and home working being successfully exploited. These are particularly sobering findings for small and mid-sized businesses who face upwards of eleven cyber attacks per device, per day, according to the research.
Through even the most innocent of devices, bad actors can access home networks with connections to company devices – or company data on consumer devices – and seize the opportunity to steal data and intellectual property worth millions. It’s likely businesses will bear the brunt of cyber attacks caused by unsecured home devices, with knock-on effects to employees themselves.
https://www.helpnetsecurity.com/2022/09/12/homeworkers-smart-devices-security/
Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
Uber suffered a cyber attack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's security software and Windows domain.
Other systems accessed by the hacker include the company's Amazon Web Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts.
The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber's slack indicate that these announcements were first met with memes and jokes as employees had not realised an actual cyber attack was taking place.
Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available. "We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available," tweeted the Uber Communications account.
The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password. The threat actor then gained access to the company's internal systems using the stolen credentials.
IHG Hack: 'Vindictive' Couple Deleted Hotel Chain Data for Fun
Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun".
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm's databases thanks to an easily found and weak password, Qwerty1234. An expert says the case highlights the vindictive side of criminal hackers.
UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands. On Monday last week, customers reported widespread problems with booking and check-in. For 24 hours IHG responded to complaints on social media by saying that the company was "undergoing system maintenance".
Then on the Tuesday afternoon it told investors that it had been hacked.
Threats
Ransomware and Extortion
How prepared are organisations to tackle ransomware attacks? - Help Net Security
Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com)
3 Iranian nationals are accused of ransomware attacks on US victims (cnbc.com)
Emotet botnet now pushes Quantum and BlackCat ransomware (bleepingcomputer.com)
Cisco confirms Yanluowang ransomware leaked stolen company data (bleepingcomputer.com)
DEV-0270 Hacker Group Uses Windows BitLocker Feature to Encrypt Systems (gbhackers.com)
New York ambulance service discloses data breach after ransomware attack (bleepingcomputer.com)
The ransomware problem won't get better until we change one thing | ZDNET
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Transparency, disclosure key to fighting ransomware (techtarget.com)
Cisco Data Breach Attributed to Lapsus$ Ransomware Group (darkreading.com)
Ransomware Group Leaks Files Stolen From Cisco | SecurityWeek.Com
Phishing & Email Based Attacks
Revolut hit by ‘phishing’ cyber attack | Business | The Times
Phishing page embeds keylogger to steal passwords as you type (bleepingcomputer.com)
Hackers now use ‘sock puppets’ for more realistic phishing attacks (bleepingcomputer.com)
Phishers take aim at Facebook page owners - Help Net Security
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (darkreading.com)
Death of Queen Elizabeth II exploited to steal Microsoft credentials (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Hackers Are Using WeTransfer Links To Spread Malware (informationsecuritybuzz.com)
New malware bundle self-spreads through YouTube gaming videos (bleepingcomputer.com)
Linux variant of the SideWalk backdoor discovered - Help Net Security
Malware on Pirated Content Sites a Major WFH Risk for Enterprises (darkreading.com)
How to spot and avoid scams and malware in search results - The Washington Post
Gay hookup site typosquatted to push dodgy Chrome extensions, scams (bleepingcomputer.com)
Mobile
Google Patches Critical Vulnerabilities in Pixel Phones | SecurityWeek.Com
Apple patches iPhone and macOS flaws under active attack • The Register
Internet of Things – IoT
Securing your IoT devices against cyber attacks in 5 steps (bleepingcomputer.com)
EU Wants to Toughen Cyber Security Rules for Smart Devices | SecurityWeek.Com
Data Breaches/Leaks
Uber hacked, internal systems breached and vulnerability reports stolen (bleepingcomputer.com)
LastPass says hackers had internal access for four days (bleepingcomputer.com)
Hacker sells stolen Starbucks data of 219,000 Singapore customers (bleepingcomputer.com)
U-Haul discloses data breach exposing customer driver licenses (bleepingcomputer.com)
Organised Crime & Criminal Actors
Chinese-linked cyber crims nab $529 million from India • The Register
Cyber Crime Forum Admins Steal from Site Users - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Police arrest man for laundering tens of millions in stolen crypto (bleepingcomputer.com)
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
Fake cryptocurrency giveaway sites have tripled this year (bleepingcomputer.com)
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities (trendmicro.com)
DOJ drops report on cryptocurrency crime efforts (techtarget.com)
76% Of Financial Institutions Plan On Using Crypto In The Next 3 Years (informationsecuritybuzz.com)
How Can You Tell if a Cryptocurrency is Legitimate? Read Our Guide To Find Out - IT Security Guru
Insider Risk and Insider Threats
5 Ways to Mitigate Your New Insider Threats in the Great Resignation (thehackernews.com)
Ex-Broadcom engineer asks for no prison in trade secret case • The Register
Fraud, Scams & Financial Crime
Microsoft Edge’s News Feed ads abused for tech support scams (bleepingcomputer.com)
Cops Raid Suspected Fraudster Penthouses - Infosecurity Magazine (infosecurity-magazine.com)
How to spot and avoid scams and malware in search results - The Washington Post
Tax fraud ring leader jailed for selling children’s stolen identities (bleepingcomputer.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Hackers breach software vendor for Magento supply-chain attacks (bleepingcomputer.com)
WordPress sites backdoored after FishPig supply chain attack • The Register
Denial of Service DoS/DDoS
Cloud/SaaS
5 ways to improve your cloud security posture (techtarget.com)
Excess privilege in the cloud is a universal security problem, IBM says | CSO Online
Organisations lack visibility into unauthorised public cloud data access - Help Net Security
One-third of enterprises don’t encrypt sensitive data in the cloud | CSO Online
Attack Surface Management
Cyber attack trends vs. growing IT complexity - Help Net Security
Outdated infrastructure remains a problem against sophisticated cyber attacks - Help Net Security
Shadow IT
Encryption
API
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
API security—and even visibility—isn’t getting handled by enterprises | CSO Online
Bad bots are coming at APIs! How to beat the API bot attacks? - Help Net Security
Open Source
When It Comes to Security, Don’t Overlook Your Linux Systems | SecurityWeek.Com
40% of pros scaled back back open source use over security • The Register
You never walk alone: The SideWalk backdoor gets a Linux variant | WeLiveSecurity
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Thwarting attackers in their favourite new playground: Social media - Help Net Security
Cyber attackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign (darkreading.com)
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Nation State Actors – Russia
Montenegro Wrestles With Massive Cyber Attack, Russia Blamed | SecurityWeek.Com
Russia’s cyber future connected at the waist to Soviet military industrial complex | CSO Online
Nation State Actors – North Korea
Nation State Actors – Iran
Iranian cyber spies use multi-persona impersonation in phishing threads | CSO Online
Albania says Iranian hackers hit the country with another cyber attack - CyberScoop
US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks | SecurityWeek.Com
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Vulnerability Management
Vulnerabilities
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle | SecurityWeek.Com
CISA orders agencies to patch vulnerability used in Stuxnet attacks (bleepingcomputer.com)
Chrome 105 Update Patches High-Severity Vulnerabilities | SecurityWeek.Com
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (bleepingcomputer.com)
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs (darkreading.com)
Apple fixed the eighth actively exploited zero-day this year - Security Affairs
Cisco Patches High-Severity Vulnerability in SD-WAN vManage | SecurityWeek.Com
Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin | TechRadar
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices (thehackernews.com)
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog - Security Affairs
ManageEngine Password Management Vulnerability and Patch: Details for MSPs, MSSPs - MSSP Alert
Reports Published in the Last Week
Other News
MSPs and cyber security: The time for turning a blind eye is over - Help Net Security
Organisations should fear misconfigurations more than vulnerabilities - Help Net Security
Companies need data privacy plan before joining metaverse (techtarget.com)
Lens reflections may betray your secrets in Zoom video calls • The Register
US Government Wants Security Guarantees From Software Vendors | SecurityWeek.Com
The Cyber Security Head Game | Psychology Today South Africa
Cyber Security Report: Average Data Breach in US Costs $9.4 Million - MSSP Alert
5 Best Practices for Building Your Data Loss Prevention Strategy (darkreading.com)
Hands-on cyber attacks jump 50%, CrowdStrike reports | CSO Online
Penetration Testing Report: Security Misconfiguration Is "Top Vulnerability" - MSSP Alert
Twitter whistleblower: Lack of access, data controls invite exploitation | SC Media (scmagazine.com)
Cost of Living Crisis Impact on Online Activity - IT Security Guru
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber (darkreading.com)
Zoom outage left users unable to sign in or join meetings (bleepingcomputer.com)
Five ways your data may be at risk — and what to do about it (bleepingcomputer.com)
Twitter's ex-security boss Zatko disses biz as dysfunctional • The Register
Don't Let Your Home Wi-Fi Get Hacked. Here's What to Do - CNET
How serious are organisations about their data sovereignty strategies? - Help Net Security
Undermining Microsoft Teams Security By Mining Tokens (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 September 2022
Black Arrow Cyber Threat Briefing 09 September 2022
-Why It’s Mission-critical That All-sized Businesses Stay Cyber Secure
-Half of Firms Report Supply Chain Ransomware Compromise
-Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
-Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
-Over 10% of Enterprise IT Assets Found Missing Endpoint Protection
-Some Employees Aren't Just Leaving Companies — They're Defrauding Them
-Ransomware Gangs Switching to New Intermittent Encryption Tactic
-How Posting Personal and Business Photos Can Be a Security Risk
-Your Vendors Are Likely Your Biggest Cyber Security Risk
-A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
-Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
-London's Biggest Bus Operator Hit by Cyber "Incident"
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why It’s Mission-Critical That All-Sized Businesses Stay Cyber Secure
A study analysing millions of emails across thousands of companies found that on average, employees of small businesses with less than 100 employees experience 350% more social engineering attacks than employees of larger enterprises. 57% of these are phishing attacks – the most prevalent social engineering attack of 2021.
Add to the mix that the global average cost of a data breach for businesses has skyrocketed. According to IBM Security’s annual Cost of a Data Breach Report, the average global cost is now a phenomenal $4.35 million.
Generally, larger corporations tend to have bigger security budgets, making them less of a target than smaller businesses with lesser budgets, and as such, more attractive to cyber criminals. This means that for small and medium-sized enterprises (SMEs) – with fewer resources and money – protection from cyber-attacks is now a matter of survival.
Ease of attack is not the only reason why criminals attack SMEs either. SMEs are often an entry point to target bigger organisations within the same supply chain. These larger corporations can either be crucial partners, suppliers, or customers, making SMEs prime targets.
But with efficient cyber security measures, every business regardless of size can keep themselves and their network safe.
Half of Firms Report Supply Chain Ransomware Compromise
Over half (52%) of global organisations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro.
The security vendor polled nearly 3,000 IT decision makers across 26 countries to produce its latest report, ‘Everything is connected: Uncovering the ransomware threat from global supply chains’.
It revealed that 90% of global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target.
That might be down in part to the fact that SMBs comprise a significant chunk of the supply chain for 52% of respondents. The security of SMBs is generally thought to be less effective than protection in larger, better resourced companies.
However, despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, while a quarter (25%) claimed they don’t share potentially useful threat information with partners.
https://www.infosecurity-magazine.com/news/half-firms-supply-chain-ransomware/
Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
Breaches involving phishing and credential compromise have received a lot of attention in recent years because of how frequently threat actors have employed the tactics in executing both targeted and opportunistic attacks. But that doesn't mean that enterprise organisations can afford to lessen their focus on vulnerability patching one bit.
A report from Kaspersky this week identified more initial intrusions last year resulting from exploitation of vulnerabilities in Internet-facing applications than breaches involving malicious emails and compromised accounts combined. And data that the company has collected through the second quarter of 2022 suggests the same trend might be playing out this year as well.
Kaspersky's analysis of its 2021 incident-response data showed that breaches involving vulnerability exploits surged from 31.5% of all incidents in 2020 to 53.6% in 2021. Over the same period, attacks associated with the use of compromised accounts to gain initial access declined from 31.6% in 2020 to 17.9% last year. Initial intrusions resulting from phishing emails decreased from 23.7% to 14.3% during the same period.
Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach.
The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at the ride-share giant, failed to properly disclose a 2016 data breach affecting 57 million Uber riders and drivers around the world.
At a time when reports of ransomware attacks have surged and cyber security insurance premiums have risen, the case could set an important precedent regarding the culpability of US security staffers and executives for the way the companies they work for handle cyber security incidents.
The breach first came to light in November 2017, when Uber’s chief executive, Dara Khosrowshahi, revealed that hackers had gained access to the driver’s licence numbers of 600,000 US Uber drivers as well as the names, email addresses and phone numbers of as many as 57 million Uber riders and drivers.
Public disclosures like Khosrowshahi’s are required by law in many US states, with most regulations mandating that the notification be made “in the most expedient time possible and without unreasonable delay”.
But Khosrowshahi’s announcement came with an admission: a whole year had passed since the information had been breached.
https://www.theguardian.com/technology/2022/sep/06/uber-joe-sullivan-trial-security-data-breach
Over 10% of Enterprise IT Assets Found With Missing Endpoint Protection
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.
The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report.
"Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT teams already have their hands full mitigating the vulnerabilities that they know about, and our data confirms that this is just the tip of the iceberg," Sevco told Infosecurity Magazine.
The document analyses data aggregated from visibility into more than 500,000 IT assets, and underlines existential and underreported cyber security issues in relation to securing enterprises’ assets.
“The uncertainty of enterprise inventory – the elements that make up an organisation’s cyber security attack surface – upends the foundation of every major security framework and presents a challenge to security teams: it’s impossible to protect what you can’t see,” they said.
For instance, the data found that roughly 3% of all IT assets are “stale” in endpoint protection, while 1% are stale from the perspective of patch management coverage.
https://www.infosecurity-magazine.com/news/enterprise-assets-miss-endpoint/
Some Employees Aren't Just Leaving Companies — They're Defrauding Them
Since the Great Resignation in 2021, millions of employees have left their roles with current employers in search of better ones. According to Microsoft, 40% of employees reported they are considering leaving their current roles by the end of 2022. With many still working in remote or hybrid positions due to the pandemic, larger businesses have started implementing measures to gain a better understanding of employee morale and sentiment to prevent turnover.
While most employees leave companies on good terms, some may become extremely unhappy or disgruntled prior to their departure and are more likely to defraud the company either before leaving or on their way out the door. The unfortunate reality is that no business is immune to fraud, but luckily, there are several steps you can take to prevent it from happening.
According to the Cressey Fraud Triangle, fraudulent behaviour often occurs due to three contributing factors. These include pressure or motive to commit a fraud (usually a personal financial problem), perceived opportunity within the organisation to commit a fraud (poor oversight or internal controls), and rationalisation (the ability to justify the crime to make it seem acceptable).
Very often, a fraudster needs all three sides of the triangle to successfully commit a crime. Therefore, it is extremely important for organisations to do their best to create controls and understand the risk associated with each of these areas. For example, an employee may be disgruntled and also have personal financial issues. However, if internal controls are robust and the employee doesn't have access to financial instruments, valuable assets or software systems, their ability to defraud the company is extremely limited or will get identified immediately.
Ransomware Gangs Switching to New Intermittent Encryption Tactic
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.
This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files' content, which would still render the data unrecoverable without using a valid decryption key.
For example, by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good.
Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.
SentinelLabs has posted a report examining a trend started by LockFile in mid-2021 and now adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick.
These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation.
"Notably, Qyick features intermittent encryption, which is what the cool kids are using as you read this. Combined with the fact that is written in Go, the speed is unmatched," describes a Qyick advertisement on hacking forums.
How Posting Personal and Business Photos Can Be a Security Risk
Image geotags, metadata, and location information can allow competitors, cyber criminals, and even nation-state threat actors to gain knowledge they can use against organisations.
Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold. Couple this with the individual employee’s or customer’s photos working their way onto social network platforms for others to see and admire, and the value of that gold increases, success being quantified by impressions, views and individual engagements.
The value of that gold doubles when not only does the company harvest data and call it a success, but their competitors also analyse such photos capturing a plethora of useful data points, including geotagged data, metadata of the photo, and identity of the individuals caught in the frame. They, too, call it a success. Yes, the digital engagement involving location data and or location hints within photos is a double-edged sword.
It isn’t just competitors who harvest the data. Criminal elements and nation-state intelligence and security elements do as well. Francis Bacon’s adage, “Knowledge itself is power,” applies. With location, time and place, and identity, competitors, criminals, and nation-states are given their initial tidbits of openly acquired information from which to begin to build their mosaic.
Your Vendors Are Likely Your Biggest Cyber Security Risk
As speed of business increases, more and more organisations are looking to either buy companies or outsource more services to gain market advantage. With organisations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cyber security measures to assess how much risk vendors pose.
While organisations assess and manage risk on a multitude of layers, none present bigger threats to business resiliency than third-party risk and a lack of robust cyber security controls. Breaches and service interruptions tied to these risk areas have brought down critical systems of major organisations. In 2021, 53% of CISOs surveyed by Black Kite reported being hit by at least one ransomware attack.
It bears repeating: Cyber security and third-party risk are the two biggest problems facing your long-term viability. Businesses need to be able to tackle these risk vectors individually to gain a complete view of their risk profile. A cross-functional process is essential to managing the overlap between these risk areas to better protect your organisation and increase workflow efficiency.
Ensuring that the cyber security practices of your vendors align with your organisation’s standards is critical to safeguarding your systems and data. In fact, it is just as important as how stable the business is or how well it delivers products and services.
https://www.helpnetsecurity.com/2022/09/05/vendors-cybersecurity-risk/
A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
It’s perhaps only a coincidence that there’s a famous Chinese saying ‘No one knows, not even the ghosts’ that neatly summarises a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.
Observers could be forgiven for thinking that this is just another hack. Chinese hacking groups, and those of Western countries too, have developed a reputation over the past two decades for spying, surveillance, and sabotage. But this attack is different than typical hacking fare because the attackers rode in on the back of a trusted piece of software. This is a software supply chain attack, where the attackers tamper with either source code, the software build system, or the software publishing pipeline, all of which have become essential to the functioning of the world’s digital economy.
Software supply chain attacks have been rapidly growing in frequency. Twenty years ago, there might have been one or two a year. These days, depending on the methodology, there are either hundreds or thousands a year, and that’s only counting the reported attacks. And increasingly anybody who depends upon software (read: everybody) is or shortly will be a victim: the U.S. government, Microsoft, thousands of other companies and, apparently in this MiMi attack, individuals.
Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
InterContinental Hotels Group (IHG), which owns brands such as InterContinental, Crowne Plaza, Holiday Inn, and many others, has had its IT systems breached by malicious hackers.
In a filing with the London Stock Exchange, the multinational hospitality company reported that "parts of the company's technology systems have been subject to unauthorised activity."
As a result, the company said, "IHG's booking channels and other applications have been significantly disrupted since [Monday], and this is ongoing."
The first indication that the company was experiencing problems appeared early on Monday morning UK time, when anyone who tried to book a hotel room via the company's website or app, or access their IHG One Rewards account was greeted by a maintenance message.
Although it has made no declaration regarding the nature of the security breach, in its filing with the London Stock Exchange, IHG mentioned they were "working to fully restore all systems". This would fit into the scenario of IHG having hit been hit with ransomware, which may not only have encrypted data - locking the company out of its systems and demanding a ransom be paid - but could have also caused even more problems.
London's Biggest Bus Operator Hit by Cyber "Incident"
Travellers in London were braced for more delays last week after the city’s largest bus operator revealed it has been hit by a “cyber security incident,” according to reports.
Newcastle-based transportation group Go-Ahead shared a statement with the London Stock Exchange indicating “unauthorised activity” had been discovered on its network yesterday.
“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” it stated. “Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or International rail services which are operating normally.”
However, the same may not be true of its bus services. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations.
Go-Ahead operates multiple services in the South, South West, London, North West, East Anglia, East Yorkshire and its native North East. It is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff.
https://www.infosecurity-magazine.com/news/londons-biggest-bus-operator-hit/
Threats
Ransomware and Extortion
Interpol dismantles sextortion ring, warns of increased attacks (bleepingcomputer.com)
Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa (trendmicro.com)
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks (thehackernews.com)
How to Improve Mean Time to Detect for Ransomware | SecurityWeek.Com
Google: Former Conti ransomware members attacking Ukraine (techtarget.com)
Hackers Are Using NASA Telescope Images To Push Ransomware (informationsecuritybuzz.com)
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages (bleepingcomputer.com)
Everything You Need To Know About BlackCat (AlphaV) (darkreading.com)
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Clarion Housing: Anger over landlord silence since cyber attack - BBC News
New Ransomware Hits Windows, Linux Servers Of Chile Govt Agency (informationsecuritybuzz.com)
QNAP warns new Deadbolt ransomware attacks exploiting 0day - Security Affairs
Second largest U.S. school district LAUSD hit by ransomware (bleepingcomputer.com)
Windows Defender identified Chromium, Electron apps as Hive Ransomware - Security Affairs
Phishing & Email Based Attacks
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA (darkreading.com)
Criminals harvest users' PI by impersonating popular brands - Help Net Security
Lampion malware returns in phishing attacks abusing WeTransfer (bleepingcomputer.com)
A new phishing scam targets American Express cardholders - Security Affairs
EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web - Help Net Security
GIFShell attack creates reverse shell using Microsoft Teams GIFs (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Cyber criminals targeting Minecraft fans with malware • The Register
Next-Gen Linux Malware Takes Over Devices With Unique Tool Set (darkreading.com)
TeslaGun Primed to Blast a New Wave of Backdoor Cyber attacks (darkreading.com)
New Linux malware evades detection using multi-stage deployment (bleepingcomputer.com)
Bumblebee malware adds post-exploitation tool for stealthy infections (bleepingcomputer.com)
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
Mobile
Internet of Things – IoT
Data Breaches/Leaks
NATO docs sold on darkweb after they were stolen from Portugal - Security Affairs
Criminals claim they've stolen NATO missile plans • The Register
TikTok denies data breach following leak of user data - Security Affairs
IRS mistakenly published confidential info for roughly 120K taxpayers - Security Affairs
Samsung US Says Customer Data Compromised in July Data Breach | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers live-streamed on YouTube a fake Apple crypto event - Security Affairs
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Feds freeze $30m in cryptocurrency stolen from Axie Infinity • The Register
Fraud, Scams & Financial Crime
62% of consumers see fraud as an inevitable risk of online shopping - Help Net Security
Islanders in Jersey lose nearly £400,000 to romance fraud | ITV News Channel
The Advantages of Threat Intelligence for Combating Fraud | SecurityWeek.Com
AML/CFT/Sanctions
UK forces crypto exchanges to report suspected sanction breaches | Cryptocurrencies | The Guardian
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
Insurance
Supply Chain and Third Parties
Supply chain risk is a top security priority as confidence in partners wanes - Help Net Security
KeyBank: Hackers of third-party provider stole customer data | The Seattle Times
Government guide for supply chain security: The good, the bad and the ugly - Help Net Security
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Defenders Be Prepared: Cyber attacks Surge Against Linux Amid Cloud Migration (darkreading.com)
Hybrid Cloud Security Challenges & Solutions (trendmicro.com)
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Are Default Passwords Hiding in Your Active Directory? Here's how to check (bleepingcomputer.com)
200,000 North Face accounts hacked in credential stuffing attack (bleepingcomputer.com)
Social Media
TikTok denies security breach after hackers leak user data, source code (bleepingcomputer.com)
Facebook Engineers Admit They Don’t Know What They Do With Your Data (vice.com)
Privacy
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Google Details Recent Ukraine Cyber attacks | SecurityWeek.Com
Ukraine dismantles more bot farms spreading Russian disinformation (bleepingcomputer.com)
Ukraine is under attack by hacking tools repurposed from Conti cyber crime group | Ars Technica
Newly discovered cyber spy group targets Asia • The Register
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Israeli Defence Minister's Cleaner Sentenced for Spying Attempt | SecurityWeek.Com
Researchers Find New Android Spyware Campaign Targeting Uyghur Community (thehackernews.com)
Anonymous hacked Yandex taxi causing a traffic jam in Moscow - Security Affairs
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Nation State Actors – North Korea
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
North Korea's Lazarus Targets Energy Firms With Three RATs | SecurityWeek.Com
Nation State Actors – Iran
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
UK condemns Iran for reckless cyber attack against Albania - GOV.UK (www.gov.uk)
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
NATO Condemns Alleged Iranian Cyber attack on Albania | SecurityWeek.Com
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Microsoft investigates Iranian attacks against the Albanian government - Microsoft Security Blog
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Nation State Actors – Misc
Vulnerabilities
CISA adds 12 new flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
September 2022 Patch Tuesday forecast: No sign of cooling off - Help Net Security
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP - Help Net Security
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (thehackernews.com)
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities (thehackernews.com)
Cisco won’t fix authentication bypass zero-day in EoL routers (bleepingcomputer.com)
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released (thehackernews.com)
Chrome and Edge fix zero-day security hole – update now! – Naked Security (sophos.com)
Google Patches Sixth Chrome Zero-Day of 2022 | SecurityWeek.Com
QNAP patches zero-day used in new Deadbolt ransomware attacks (bleepingcomputer.com)
HP fixes severe bug in pre-installed Support Assistant tool (bleepingcomputer.com)
Other News
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis | CSO Online
Cyber Security - the More Things Change, the More They Are The Same | SecurityWeek.Com
CISOs say stress and burnout are their top personal risks (cnbc.com)
How to deal with unprecedented levels of regulatory change - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 September 2022
Black Arrow Cyber Threat Briefing 02 September 2022
-79% Of Companies Only Invest in Cyber Security After Hacking Incidents
-Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
-Outdated Infrastructure Not Up to Today’s Ransomware Challenges
-Ghost Data Increases Enterprise Business Risk
-Detected Cyber Threats Surge 52% in 1H 2022
-An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
-Cyber Crime Underground More Dangerous Than Organisations Realize
-New Ransomware Group BianLian Activity Exploding
-Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
-Ransomware Gangs’ Favourite Targets
-Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
-Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
79% Of Companies Only Invest in Cyber Security After Hacking Incidents
The British cyber security company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cyber security after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced cyber security is only a concern after an attack.
The complexity of the situation has grown with the digital transformation of work. If it streamlines many processes, it can also open up serious security gaps. A sensitive point is the “home office”: companies need effective solutions to eliminate gaps that may appear between employees’ computers (often shared devices) and the company’s internal network.
Putting in solutions is just the beginning of a necessary strategy and investment effort in virtual protection. Complex scams based on phishing, reverse engineering, and backdoor-type malicious programs (“planted” discreetly on a device and sometimes inactive for months) often combine real-world and virtual-world fraud.
The escalation of corporate data hijacking appears in this scenario. The most notorious case at a global level of such an incident, with a million-dollar ransom demand, was launched in 2021 on Colonial Pipeline. This US company paid $40 million to regain control over strategic data after fuel supplies through its pipelines to several states were threatened for days.
Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
According to a new report by Acronis, a Switzerland-based cyber security company, nearly half of breaches during the first six months of 2022 involved stolen credentials.
The goal of stealing credentials is to launch ransomware attacks. According to the report, these “continue to be the number one threat to large and medium-sized businesses, including government organisations.”
Attackers usually use phishing techniques to extract these credentials. In the first half of the year, over 600 malicious email campaigns made their way across the internet, of which 58% were phishing attempts and 28% featured malware.
Acronis also added that “as reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks.”
Additionally, cyber criminals now also target unpatched or software vulnerabilities to extract data, with a recent increase on Linux operating systems and managed service providers (MSPs) and their network of SMB customers.
The third vector spotted by Acronis was “non-traditional entry avenues” such as cryptocurrencies and decentralised finance (DeFi) systems.
Outdated Infrastructure Not Up to Today’s Ransomware Challenges
A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing enterprises globally.
Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilise if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack.
These are just some of the findings from an April 2022 survey, conducted by Censuswide, of more than 2,000 IT and SecOps professionals (split nearly 50/50 between the two groups) in the United States, the United Kingdom, Australia and New Zealand. All respondents play a role in the decision-making process for IT or security within their organisations.
IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data.
Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.
https://www.helpnetsecurity.com/2022/08/30/outdated-infrastructure-manage-data/
Ghost Data Increases Enterprise Business Risk
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organisation's cloud attack surface.
Cloud sprawl is a big issue for organisations, with business teams spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.
We all know about shadow IT, the systems and network devices in the organisation’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data that are not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues that are present in cloud accounts stem from unsecured sensitive data.
Then there is the problem of ghost data. When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.
After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.
Ghost data usually has no business value - the data was deleted for a reason - and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes.
https://www.darkreading.com/edge-threat-monitor/ghost-data-increases-enterprise-business-risk
Detected Cyber Threats Surge 52% in 1H 2022
A leading cyber security vendor blocked 63 billion threats in the first half of 2022 alone, over 50% more than the same period a year ago.
The findings come from the Trend Micro 2022 Midyear Cybersecurity Report and illustrate the scale of the challenge facing network defenders.
Trend Micro highlighted the persistent threat posed by ransomware-as-a-service (RaaS) groups as one that will continue to cause major challenges for organisations in the years to come.
It said detections of prolific groups such as LockBit and Conti increased by 500% year-on-year in 1H 2022. Such groups will continue to adapt their tactics, techniques and procedures (TTPs) in the race for profits.
The report warned of a surge in threats targeting Linux systems, for example. It said detections of attacks on Linux servers and embedded systems grew 75% year-on-year in the first half of 2022. Both SMBs and larger organisations are now a target, it claimed.
Many RaaS groups exploit vulnerabilities as a primary attack vector. Their job is getting easier as the number of published common vulnerabilities and exposures (CVEs) continues to grow strongly.
Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the first half of 2021, a 23% year-on-year increase. The number of critical bug advisories it published soared by 400% over the same period.
https://www.infosecurity-magazine.com/news/detected-cyberthreats-surge-52-in/
An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.
The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.
Earlier this year, cyber security journalist Brian Krebs uncovered details about one man behind the operation named Mikhail Matveev, who was also connected to a number of other groups and identities, including the handle ‘Wazawaka.’ According to Krebs, Matveev had become more unhinged than usual, “publishing bizarre selfie videos” and creating a Twitter account to share exploit code.
Matveev talked to Recorded Future about his interaction with other hackers, details about ransomware attacks he’s been involved in, and how he settled on the name Babuk.
Click the link below for the full interview but the long and short is ransomware has created a criminal ecosystem the likes of which the world has never seen.
Cyber Crime Underground More Dangerous Than Organisations Realise
Kela, a cyber threat intelligence specialist, found in a new study of some 400 security pros in the US that organisations are more at risk from the “cyber crime underground” than they realise.
The Israel-based company surveyed security team members responsible for gathering cyber crime threat intelligence daily to better understand if they’re proactively scanning the dark web and other cyber crime sources, what tools they’re using and the gaps they see in their cyber crime threat intelligence approach. Nearly 60% of the respondents do not believe their current cyber crime prevention is effective, the results showed.
Here are the study’s key findings:
69% are concerned about threats from the cyber crime underground.
54% wouldn’t be surprised to find their organisation’s data on the cyber crime underground.
Only 38% believe that they’re very likely to detect it if it was released.
48% have no documented cyber crime threat intelligence policy in place.
Only 41% believe their current security program is very effective.
49% are not satisfied with the visibility they have of the cyber crime underground.
Of the 51% who were satisfied with their visibility into the cyber crime underground, 39% were still unable to prevent an attack.
Additional training and proficiency in cyber crime intelligence investigations is the most needed capability.
New Ransomware Group BianLian Activity Exploding
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.
The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cyber security firm Redacted, published on September 1, 2022. The majority of the victim organisations have been based in Australia, North America and the UK.
The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”
BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.
Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.
https://www.infosecurity-magazine.com/news/new-ransomware-group-bianlian/
Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
Password security hinges on the answer to that seemingly simple question. Unfortunately, you can’t know the answer until you’ve engaged a ruthless penetration tester to find out if your environment can stand up to the frighteningly good password cracking skills of today’s most nefarious hackers.
The whole purpose of hiring skilled penetration testers (“pentesters”) is to find out if your environment is truly impenetrable — and if it’s not, exactly how you should shore up your defences. Good pentesters and red teamers spend their time trying to simulate and emulate the real bad actors. After all, what’s the point of pressure-testing your IT infrastructure if you don’t use the same pressure that you’ll face in the real world?
You should “train like you fight.” Without sparring, how can you expect to jump into a boxing ring and go a few rounds with a skilled boxer? That’s the entire point of goal-based penetration testing and red/purple team engagements that simulate real-world threat actors.
Password cracking will continue to evolve – and so should your penetration testing tactics and plans. By the time you get to your fourth or fifth round with a quality pentesting consultancy, your risk mitigation will have dramatically improved — which means you’ll be able to move on to the next stage of security maturity.
https://www.helpnetsecurity.com/2022/08/30/stand-up-to-password-cracking/
Ransomware Gangs’ Favourite Targets
Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022.
For the 106 highly publicised attacks our researchers analysed, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%). The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.
While attacks on municipalities increased only slightly, the analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Many choose not to disclose when they get hit.
This year, researchers dug in deeper on these highly publicised attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organisations all increased as well.
Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.
As ransomware and other cyber threats continue to evolve, the need for adequate security solutions has never been greater. Many cyber criminals target small businesses in an attempt to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size.
Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyber attacks.
https://www.helpnetsecurity.com/2022/08/31/ransomware-attack-patterns/
Tentacles of ‘0ktapus’ Threat Group Victimise 130 Firms
Over 130 companies were tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organisations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.
The primary goal of the threat actors was to obtain Okta identity credentials and multi-factor authentication (MFA) codes from users of the targeted organisations. These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organisation.
114 US-based firms were impacted, with additional victims of sprinkled across 68 additional countries. The full scope of the attack is still unknown but the 0ktapus campaign has been incredibly effective, and the full scale of it may not be known for some time.
The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
While unsure exactly how threat actors obtained a list of phone numbers used in MFA-related attacks, one theory researchers posit is that 0ktapus attackers began their campaign targeting telecommunications companies.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Last year, organisations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured "sandbox" to analyse what it does to confirm it's safe before allowing it to have full system access.
EDRs—which are forecasted to generate revenue of $18 billion by 2031 and are sold by dozens of security companies—take an entirely different approach. Rather than analyse the structure or execution of the code ahead of time, EDRs monitor the code's behaviour as it runs inside a machine or network. In theory, it can shut down a ransomware attack in progress by detecting that a process executed on hundreds of machines in the past 15 minutes is encrypting files en masse. Unlike static and dynamic analyses, EDR is akin to a security guard that uses machine learning to keep tabs in real time on the activities inside a machine or network.
Despite the buzz surrounding EDRs, new research suggests that the protection they provide isn't all that hard for skilled malware developers to circumvent. In fact, the researchers behind the study estimate EDR evasion adds only one additional week of development time to the typical infection of a large organisational network. That's because two fairly basic bypass techniques, particularly when combined, appear to work on most EDRs available in the industry.
Threats
Ransomware
Ransomware Research: 10 Key Findings, Five Ways to Defend Against Hijackers - MSSP Alert
LockBit ransomware gang gets aggressive with triple-extortion tactic (bleepingcomputer.com)
New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim (thehackernews.com)
Chile and Montenegro Floored by Ransomware - Infosecurity Magazine (infosecurity-magazine.com)
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (thehackernews.com)
Ragnar Locker Brags About TAP Air Portugal Breach (darkreading.com)
Police ‘negotiating with hackers’ who hit Paris hospital computer system | World | The Times
Advanced cyber-attack: NHS doctors' paperwork piles up - BBC News
Another Ransomware For Linux Likely In Development - Security Affairs
Montenegro hit by ransomware attack, hackers demand $10 million (bleepingcomputer.com)
Should ransomware payments be banned? A few considerations - Help Net Security
Researchers Spot Snowballing BianLian Ransomware Gang Activity (darkreading.com)
Ragnar Locker continues trend of ransomware targeting energy sector | CSO Online
BlackCat ransomware claims attack on Italian energy agency (bleepingcomputer.com)
Italian Oil Major Becomes Victim Of Ransomware Attack | OilPrice.com
Damart clothing store hit by Hive ransomware, $2 million demanded (bleepingcomputer.com)
Gloucester Council planning site still disrupted from cyber attack - BBC News
BEC – Business Email Compromise
Malware
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog
A study on malicious plugins in WordPress Marketplaces - Security Affairs
BumbleBee a New Modular Backdoor Evolved From BookWorm (trendmicro.com)
Malicious Chrome Extensions Plague 1.4M Users (darkreading.com)
Mobile
Mobile banking apps put 300,000 digital fingerprints at risk • The Register
Researcher unveils smart lock hack for fingerprint theft (techtarget.com)
Internet of Things – IoT
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (darkreading.com)
Singapore clocks higher ransomware attacks, warns of IoT risks | ZDNET
ieGeek Vulnerabilities still prevalent in 2022 - Amazon Ft. IG20 (realinfosec.net)
Data Breaches/Leaks
Okta Says Customer Data Compromised in Twilio Hack | SecurityWeek.Com
Neopets says hackers had access to its systems for 18 months (bleepingcomputer.com)
Akasa Air Suffers Data Leak on First Day of Operation- IT Security Guru
Samsung says hackers obtained some customer data in newly disclosed breach | Engadget
Millions of student loan accounts exposed in data breach | TechRadar
Russian streaming platform confirms data breach affecting 7.5M users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI: Crooks stole $1b+ in cryptocurrency already this year • The Register
Ukraine takes down cyber crime group hitting crypto fraud victims (bleepingcomputer.com)
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Windows malware delays coinminer install by a month to evade detection (bleepingcomputer.com)
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack (darkreading.com)
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Cyber insurance has been around for 25 years. It’s still a bit of a mess. (slate.com)
Travelers, Policyholder Agree to Void Current Cyber Policy (insurancejournal.com)
Cyber Frauds Skyrocket: Can Cyber Insurance Protect You in Real World? Experts Explain (news18.com)
Google Cloud, Microsoft and AWS dive into cyber insurance - Protocol
Cyber Insurance Price Hike Hits Local Governments Hard (insurancejournal.com)
Insurers must rethink handling of cyber attacks on states | Financial Times (ft.com)
Cyber insurance on rise as attacks surge | Mint (livemint.com)
Dark Web
German man charged for trying to hire fake contract killer on darkweb | Euronews
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
1 in 3 organisations don't know if their public cloud data was exfiltrated - Help Net Security
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (darkreading.com)
Encryption
CISA: Prepare now for quantum computers, not when hackers use them (bleepingcomputer.com)
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass source code breach – do we still recommend password managers? – Naked Security (sophos.com)
Social Media
Social media is ruining our lives and the public are finally waking up (telegraph.co.uk)
Thousands lured with blue badges in Instagram phishing attack (bleepingcomputer.com)
Training, Education and Awareness
Privacy
Trident Royal Navy staff reveal sensitive data on fitness app | News | The Times
Cops wanted to keep mass surveillance app secret; privacy advocates refused | Ars Technica
US telcos admit to storing, handing over location data • The Register
Facebook moves to settle Cambridge Analytica lawsuit | TechCrunch
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
Nobody’s special to the WFH software spies | Comment | The Times
Travel
Parental Controls and Child Safety
Scammers Targeting Thousands Of Children As Young As Six, Figures Show (informationsecuritybuzz.com)
Over a Third of Parents Do Not Know What Online Accounts Their Children Use - IT Security Guru
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Why Russia's cyber war in Ukraine hasn't played out as predicted (newatlas.com)
Ukraine's army of hackers failed to thwart Russia and quickly gave up | New Scientist
Moscow gridlock as hackers send dozens of taxis to Hotel Ukraine (telegraph.co.uk)
Finland To Offer Businesses Cybersec Vouchers In Wake Of Nato-related (informationsecuritybuzz.com)
China-linked APT40 used ScanBox Framework in a long-running espionage campaign - Security Affairs
Montenegro says Russian cyber attacks threaten key state functions (bleepingcomputer.com)
Google says it cut off Russian disinformation sites from its vast ad display network - CyberScoop
Ex-spies banned from arms exports for UAE hack-for-hire work • The Register
Nation State Actors
Nation State Actors – Russia
FBI deploys cyber team to Montenegro following massive cyber attack | The Hill
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks | Balkan Insight
Nation State Actors – China
Chinese Hackers Target Energy Firms in South China Sea | SecurityWeek.Com
China-linked APT40 targets wind turbines, Aust. government • The Register
Nation State Actors – Misc
Vulnerabilities
Apple Quietly Releases Another Patch for Zero-Day RCE Bug (darkreading.com)
Google Chrome emergency update fixes new zero-day used in attacks (bleepingcomputer.com)
URGENT! Apple slips out zero-day update for older iPhones and iPads – Naked Security (sophos.com)
WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites | SecurityWeek.Com
Critical hole in Atlassian Bitbucket needs patching now • The Register
Reports Published in the Last Week
Other News
Former Cyber criminal: These Are the Biggest Threats on the Internet (businessinsider.com)
Stuxnet explained: The first known cyber weapon | CSO Online
Infra Used in Cisco Hack Also Targeted Workforce Management Solution (thehackernews.com)
Okta Impersonation Technique Could be Utilized by Attackers | SecurityWeek.Com
Remote Work Cyber Security: 12 Risks and How to Prevent Them (techtarget.com)
Does your cyber crime prevention program work? - Help Net Security
Does Blockchain really offer Better Digital Security? - IT Security Guru
IT and Employees Don’t Always See Eye to Eye on Cyber Security - IT Security Guru
New Cyber Security Regulations Are Coming. Here’s How to Prepare. (hbr.org)
Cyber security budget breakdown and best practices (techtarget.com)
How Just-in-Time privilege elevation prevents data breaches and lateral movement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 August 2022
Black Arrow Cyber Threat Briefing 12 August 2022
-Three Ransomware Gangs Consecutively Attacked the Same Network
-As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
-Identity Cyber Attacks, Microsoft 365 Dominate Cybersecurity Incidents, Expel Research Finds
-Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
-Ransomware Is Not Going Anywhere: Attacks Are Up 24%
-Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
-Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
-Most Companies Are at An Entry-Level When It Comes to Cloud Security
-The Impact of Exploitable Misconfigurations on Network Security
-Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
-UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
-A Single Flaw Broke Every Layer of Security in MacOS
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Three Ransomware Gangs Consecutively Attacked the Same Network
Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted.
It’s bad enough to get one ransomware note, let alone three. Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. Cyber security that includes prevention, detection and response is critical for organisations of any size and type—no business is immune.
The “Multiple Attackers: A Clear and Present Danger” whitepaper further outlines additional cases of overlapping cyber attacks, including cryptominers, remote access trojans (RATs) and bots. In the past, when multiple attackers have targeted the same system, the attacks usually occurred across many months or multiple years. The attacks described in Sophos’ whitepaper took place within days or weeks of each other—and, in one case, simultaneously—often with the different attackers accessing a target’s network through the same vulnerable entry point.
Typically, criminal groups compete for resources, making it more difficult for multiple attackers to operate simultaneously. Cryptominers normally kill their competitors on the same system, and today’s RATs often highlight bot killing as a feature on criminal forums. However, in the attack involving the three ransomware groups, for example, BlackCat—the last ransomware group on the system—not only deleted traces of its own activity, but also deleted the activity of LockBit and Hive.
In another case, a system was infected by LockBit ransomware. Then, about three months later, members of Karakurt Team, a group with reported ties to Conti, was able to leverage the backdoor LockBit created to steal data and hold it for ransom.
https://www.helpnetsecurity.com/2022/08/09/ransomware-gangs-attacks/
As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
The number of organisations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security.
Even for those insured, the perfect storm of ongoing attacks, tightening regulations and growing financial pressures is making it more likely that any attack on an organisation will leave it exposed.
Factors like the supply chain crisis, inflation and skill shortages are all adding to the difficulty for organisations trying to execute on their cyber security strategy. At the same time, increases in insurance premiums, limits on coverage, increasing underwriting rigour, and capacity constraints are all limiting the accessibility of cyber insurance, for many.
Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organisations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost.
With a third of UK firms subject to cyber attacks at least once a week, cyber insurance as part of overall risk management is crucial. To bridge this accessibility gap insurers are seeking to improve the quality of risk information, so premiums better reflect the true cost of that risk. Unless organisations can demonstrate they have insurers’ specified controls in place to manage their security risks, insurers will continue to have difficulty quantifying that risk. It’s for these reasons that insurers have changed the basis upon which their products are offered to reflect the risk being underwritten more accurately.
In this environment, improving and demonstrating the effectiveness of security controls will now be essential: both for organisations looking to improve their cyber resilience and oversight while enhancing their eligibility for insurers, and for insurers who need to minimise their own exposure by ensuring the accuracy of their risk pricing process.
https://www.helpnetsecurity.com/2022/08/11/afford-cyber-insurance/
Identity Cyber Attacks, Microsoft 365 Dominate Cyber Security Incidents, Expel Research Finds
Identity-based cyber attacks (including credential theft, credential abuse and long-term access key theft) accounted for 56% of all incidents in Q2 of 2022, and Microsoft 365 remained the prime target for SaaS attacks, according to Expel’s Quarterly Threat Report.
Among the key findings:
Business email compromise (BEC) and business application compromise (BAC) access to application data represented 51% of all incidents.
Identity-based attacks in popular cloud environments like Amazon Web Services (AWS) accounted for 5%.
Ransomware groups change tactics, with threat groups and their affiliates all but abandoning the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. In Q1, a macro-enabled Microsoft Word document (VBA macro) or Excel 4.0 macro was the initial attack vector in 55% of all pre-ransomware incidents. In Q2, that figure fell sharply to 9%. Instead, ransomware operators opted to use disk image (ISO), short-cut (LNK) and HTML application (HTA) files to gain initial entry.
Cloud attacks are becoming more sophisticated, with 14% of identity attacks against cloud identity providers tackling the multi-factor authentication (MFA) requirement by continuously sending push notifications.
Microsoft 365 is a common threat target, with BEC in Microsoft Office 365 (O365) remaining the top threat to organisations in Q2. 45% of all Q2 incidents were BEC attempts in O365. No BEC attempts were identified in Google Workspaces. 19% of BEC attempts bypassed MFA in O365 using legacy protocols, a 16% increase of compared to Q1.
Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
Detections of malware events, botnet activity and exploits all increased significantly in the second quarter of 2022, according to new data from Nuspire.
The managed security services provider (MSSP) gathered the data from its endpoint detection and response (EDR) and managed detection and response (MDR) tools to produce its Q2 2022 Quarterly Threat Report.
The company recorded an increase in malware events of over 25%, a doubling of botnet detections and a rise in exploit activity of 150% versus the first quarter.
Botnet activity in particular surged towards the end of Q2, thanks to the Torpig Mebroot botnet – a banking trojan designed to scrape credit card and payment information from infected devices, the report revealed. Nuspire claimed it is particularly difficult to detect and remove, because it targets a machine’s master boot record.
It attributed much of the surge in exploit activity to the persistent threat posed by the Log4j bugs discovered at the end of December 2021. At the time, experts warned that the ubiquity of the utility, and the difficulty many organisations have in finding all instances of the CVE due to complex Java dependencies, means it may be exploited for years.
https://www.infosecurity-magazine.com/news/exploit-activity-150-q2-log4shell/
Ransomware Is Not Going Anywhere: Attacks Are Up 24%
Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals of how cyber criminals are preparing to move away from macros as an infection vector.
After months of decline, global ransomware attacks increased significantly in Q2/2022, up 24% from the previous quarter. The highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).
Businesses and consumers should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon.
The decline in ransomware attacks observed in Q4/2021 and Q1/2022 were thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations. Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.
https://www.helpnetsecurity.com/2022/08/12/increase-ransomware-attacks/
Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
Email remains one of the most popular methods of communication, particularly for business communications. There were 316.9 billion emails sent and received every day in 2021, and this is set to increase to 376.4 billion by 2025. But despite the scale of its use and how much people exchange confidential information over email, it is not a secure system by design.
Consequently, email is a major attack vector for organisations of all sizes. Deloitte found that 91% of all cyber attacks originate from a phishing email (an email that attempts to steal money, identity or personal information through a spoof website link that looks legitimate). The cost to organisations can be catastrophic with the National Cyber Security Centre (NCSC) reporting in August 2021 that phishing email attacks had cost UK organisations more than £5 million in the past 13 months.
It’s not enough for individuals to create complex passwords or rely on the security services of their email provider. Spam filters are not enough to stop malicious emails creeping into inboxes. Fortunately, safeguarding your emails with enterprise-grade email security doesn’t have to cost the earth or be hard to integrate so businesses of any size can protect themselves.
Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
A serious vulnerability affecting the embedded Configurable Operating System (eCos) software development kit (SDK) made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
The security hole, tracked as CVE-2022-27255 and rated ‘high severity’, has been described as a stack-based buffer overflow that can allow a remote attacker to cause a crash or achieve arbitrary code execution on devices that use the SDK. An attack can be carried out through the wide area network (WAN) interface using specially crafted session initiation protocol (SIP) packets.
The Realtek eCos SDK is provided to companies that manufacture routers, access points and repeaters powered by RTL819x family SoCs. The SDK implements the base functionalities of the router, including the web administration interface and the networking stack. Vendors can build on top of this SDK to add custom functionality and their branding to the device.
Realtek informed customers about the eCos SDK vulnerability in March, when it announced the availability of a patch. However, it’s up to the original equipment manufacturer (OEM) using the SDK to ensure that the patch is distributed to end-user devices.
The vulnerability can be exploited remotely — directly from the internet — to hack affected routers running with default settings. No user interaction is required for successful exploitation.
https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
Most Companies Are at An Entry-Level When It Comes to Cloud Security
Ermetic released a study by Osterman Research that found 84% of respondents were at an entry-level (one or two rating, with four being the highest) in terms of their cloud security capabilities.
The study found that only 16% ranked on the Ermetic Cloud Security Model at the top two levels, and 80% of companies said they lack a dedicated security team responsible for protecting cloud resources from threats.
“One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed,” said the author of the report. “Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities.”
The report shows why new cloud data breaches are being reported all the time. Multi-cloud deployments, plus low investment in security, does not make for a good combination.
The new frontiers of cyber security, such as cloud security or internet of things (IoT) security are often at early stages of maturity. Organisations that are mature in their IT and data centre security are already overwhelmed and stretched thin and that’s why automation and simplification will help organisations accelerate their maturity in areas like cloud security.
There’s a mistaken belief that cloud computing environments inherently have security built-in — they don’t.
The Impact of Exploitable Misconfigurations on Network Security
Network professionals feel confident with their security and compliance practices but data suggests that they also leave their organisations open to risk, which is costing a significant amount of revenue, according to Titania.
In addition, some businesses are not minimising their attack surface effectively. Companies are prioritising firewall security and chronicle a fast time to respond to misconfigurations when detected in annual audits. However, switches and routers are only included in 4% of audits and these devices play a vital role in reducing an organisation’s attack surface and preventing lateral movement across the network.
Respondents also indicated that financial resources allocated to mitigating network configuration, which currently stands around 3.4% of the total IT budget, and a lack of accurate automation are limiting factors in misconfiguration risk management.
The study, which surveyed 160 senior cyber security decision-makers revealed:
Misconfigurations cost organisations millions, up to 9% of their annual revenue but the true cost is likely to be higher.
Compliance is a top priority, with 75% of organisations across all sectors saying their business relies on compliance to deliver security. Whilst almost every organisation reported that it is meeting its security and compliance requirements, this is at odds with a number of the other findings from the survey and other reports that show a decline in organisations maintaining full compliance with regulated data security standards.
Remediation prioritisation is a challenge. 75% said their network security tools meant they could categorise and prioritise compliance risks ‘very effectively’. However, 70% report difficulties prioritising remediation based on risk and also claim inaccurate automation as the top challenges when meeting security and compliance requirements.
Routers and switches are mostly overlooked. 96% of organisations prioritise the configuration and auditing of firewalls, but not routers or switches. This leaves these devices exposed to potentially significant and unidentified risks.
https://www.helpnetsecurity.com/2022/08/12/impact-exploitable-misconfigurations-network-security/
Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
A new ransomware group dubbed Industrial Spy that first emerged in April 2022 is specialising in exfiltration and double extortion tactics and has the potential to do significant damage, Zscaler’s threat tracking team said.
The threat crew has shown that it possesses the capability to breach organisations and have been “actively adding unencrypted data from two or three victims every month,” Zscaler said. In some instances, the threat group appears to only exfiltrate and ransom data. In other cases, they encrypt, exfiltrate and ransom the data, the cloud security provider said.
At this point, it’s not clear who’s behind the threat entry or if it’s nation-state affiliated. The group started as a data extortion marketplace where criminals could buy large companies’ internal data, promoting the marketplace through Readme.txt files downloaded using malware downloaders.
In May, 2022, the threat group introduced their own ransomware to create double extortion attacks that combine data theft with file encryption.
What you need to know:
Industrial Spy started by ransoming stolen data and more recently has combined these attacks with ransomware.
The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files.
The ransomware utilises a combination of RSA and 3DES to encrypt files.
Industrial Spy lacks many common features present in modern ransomware families.
The Industrial Spy ransomware family is relatively basic, and parts of the code appear to be in development.
UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom's National Health Service (NHS). Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said. The first has stated it could take a month to recover systems to full service.
The ransomware attack started to disrupt Advanced systems on Thursday, August 4 and was identified around 7 AM. It caused a major outage to NHS emergency services across the UK.
Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected. The company is working with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the affected systems back online securely and with added defences:
Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
Scanning all impacted systems and ensuring they are fully patched
Resetting credentials
Deploying additional endpoint detection and response agents
Conducting 24/7 monitoring
After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.
A Single Flaw Broke Every Layer of Security in MacOS
Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.
The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam. It's basically one vulnerability that could be applied to three different locations.
https://www.wired.com/story/a-single-flaw-broke-every-layer-of-security-in-macos/
Threats
Ransomware
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (bleepingcomputer.com)
Ransomware, email compromise are top security threats, but deepfakes increase | CSO Online
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics | Threatpost
Black Basta: New ransomware threat aiming for the big league | CSO Online
Could criminalizing ransomware payments put a stop to the current crime wave? - Help Net Security
7-Eleven Denmark confirms ransomware attack behind store closures (bleepingcomputer.com)
Update: Colosseum Dental Benelux pays ransom to threat actors (databreaches.net)
SolidBit Ransomware Group Recruiting New Affiliates on Dark Web - Infosecurity Magazine
Fears for patient data after ransomware attack on NHS software supplier | NHS | The Guardian
US reveals 'Target' pic of Conti man with $10m reward offer • The Register
Organisations would like the government to help with ransomware demand costs - Help Net Security
Hacker uses new RAT malware in Cuba Ransomware attacks (bleepingcomputer.com)
Maui ransomware linked to North Korean group Andariel • The Register
How to Stop Zeppelin Ransomware Attacks: CISA, FBI Mitigation Guidance - MSSP Alert
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
US govt will pay you $10 million for info on Conti ransomware members (bleepingcomputer.com)
Phishing & Email Based Attacks
Other Social Engineering; SMishing, Vishing, etc
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees (thehackernews.com)
SMS phishing nabs Twilio employee credentials, allowed access customer data (scmagazine.com)
Malware
Emotet Tops List of July's Most Widely Used Malware - Infosecurity Magazine
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass (bleepingcomputer.com)
Mobile
Google researchers dissect Android spyware, zero days (techtarget.com)
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments (thehackernews.com)
Hackers install Dracarys Android malware using modified Signal app (bleepingcomputer.com)
Internet of Things – IoT
The Time Is Now for IoT Security Standards (darkreading.com)
Introducing the book: If It's Smart, It's Vulnerable - Help Net Security
Organised Crime & Criminal Actors
Cisco hacked by access broker with Lapsus$ ties (techtarget.com)
New dark web markets claim association with criminal cartels (bleepingcomputer.com)
Dark Utilities C2 service draws thousands of cyber criminals • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Email marketing firm hacked to steal crypto-focused mailing lists (bleepingcomputer.com)
Swan Bitcoin Discloses Data Leak Due to Phishing Attack on Newsletter Provider - Decrypt
Phishers Swim Around 2FA in Coinbase Account Heists | Threatpost
Crypto and the US government are headed for a decisive showdown | Ars Technica
Cameo’s CEO fell victim to the latest Bored Ape NFT heist - The Verge
Fraud, Scams & Financial Crime
“Hi Mum” Phishing Scam Swindles Unsuspecting Parents (informationsecuritybuzz.com)
How hackers are stealing credit cards from classifieds sites (bleepingcomputer.com)
AML/CFT/Sanctions
US Sanctions Crypto 'Laundering' Service Tornado | SecurityWeek.Com
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs | Threatpost
Greece Flies Russian Money Launderer to US: Lawyer | SecurityWeek.Com
Insurance
BlackBerry Study: Most SMBs Have Less Than $600K in Ransomware Coverage - MSSP Alert
Number Of Firms Unable To Access Cyber-Insurance Set To Double (informationsecuritybuzz.com)
Australian court finds insurer not liable for ransomware clean-up costs - Security - iTnews
Cloud/SaaS
Implementing zero trust for a secure hybrid working enterprise - Help Net Security
How to Clear Security Obstacles and Achieve Cloud Nirvana (darkreading.com)
Why SAP systems need to be brought into the cyber security fold - Help Net Security
Open Source
Social Media
Facebook's Metaverse is Expanding the Attack Surface (trendmicro.com)
Meta's chatbot says the company 'exploits people' - BBC News
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ | Threatpost
Training, Education and Awareness
Privacy
Travel
Parental Controls and Child Safety
Predator Pleads Guilty After Targeting Thousands of Young Girls Online - Infosecurity Magazine
Online sexual blackmail of primary school children surges since lockdown (telegraph.co.uk)
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russia's digital attacks are haphazard, chaotic, says top Ukrainian cyber official - CyberScoop
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China | SecurityWeek.Com
Killnet Releases 'Proof' of its Attack Against Lockheed Martin | SecurityWeek.Com
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (thehackernews.com)
Ex Twitter employee found guilty of spying for Saudi Arabia - Security Affairs
Ex-CIA security boss predicts coming crackdown on spyware • The Register
Nation State Actors
Nation State Actors – Russia
Russia Is Escalating Ukraine Hacking, Black Hat Research Says (gizmodo.com)
Russian invasion has destabilized cyber security norms • The Register
Russia-Ukraine Conflict Holds Cyberwar Lessons (darkreading.com)
Industroyer2: How Ukraine avoided another blackout attack (techtarget.com)
Nation State Actors – China
China-linked spies used six backdoors to steal defence info • The Register
Mandiant researchers uncover significant new disinformation campaign (securitybrief.co.nz)
Stats say Chinese researchers are not deterred by China's vulnerability law (scmagazine.com)
Chinese scammers target kids with promise of extra gaming • The Register
Chinese hackers backdoor chat app with new Linux, macOS malware (bleepingcomputer.com)
Nation State Actors – North Korea
Vulnerabilities
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws | Threatpost
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions (thehackernews.com)
Yet another Microsoft RCE bug under active exploit • The Register
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks (bleepingcomputer.com)
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
Zimbra auth bypass bug exploited to breach over 1,000 servers (bleepingcomputer.com)
Researchers Debut Fresh RCE Vector for Common Google API Tool (darkreading.com)
Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs - Infosecurity Magazine
Risky Business: Enterprises Can’t Shake Log4j flaw - Security Affairs
Three flaws allow attackers to bypass UEFI Secure Boot feature - Security Affairs
Windows devices with newest CPUs are susceptible to data damage (bleepingcomputer.com)
Critical Flaws Disclosed in Device42 IT Asset Management Software (thehackernews.com)
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key - Security Affairs
Organisations Warned of Critical Vulnerabilities in NetModule Routers | SecurityWeek.Com
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls (darkreading.com)
New vulnerability in AMD Ryzen CPUs could seriously jeopardize performance | TechRadar
ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data | SecurityWeek.Com
Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Other News
Microsoft 365 outage triggered by Meraki firewall false positive (bleepingcomputer.com)
Why VPN no longer has a place in a secure work environment | TechRadar
VMware: The threat of lateral movement is growing (techtarget.com)
5 key things learned from CISOs of smaller enterprises survey - Help Net Security
Stolen credentials are the most common attack vector companies face - Help Net Security
Your cyber security staff are burned out - and many have thought about quitting | ZDNet
Researchers Use ‘Invisible Finger’ to Remotely Control Touchscreens (vice.com)
Businesses are struggling to balance security and end-user experience - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 July 2022
Black Arrow Cyber Threat Briefing 29 July 2022
-1 in 3 Employees Don’t Understand Why Cyber Security Is Important
-As Companies Calculate Cyber Risk, The Right Data Makes a Big Difference
-Only 25% Of Organizations Consider Their Biggest Threat to Be from Inside the Business
-The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million
-Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed
-Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline
-Phishers Targeted Financial Services Most During H1 2022
-HR Emails Dupe Employees the Most – KnowBe4 research reveals
-84% Of Organizations Experienced an Identity-Related Breach In The Past 18 Months
-Economic Downturn Raises Risk of Insiders Going Rogue
-5 Trends Making Cyber Security Threats Riskier and More Expensive
-Ransomware: Publicly Reported Incidents Are Only the Tip of the Iceberg
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
1 in 3 Employees Don’t Understand Why Cyber Security Is Important
According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cyber security posture.
What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cyber security to mention it.
Virtually all IT and security leaders agreed that a strong security culture is important in maintaining a strong security posture. Yet, despite rating their organisation’s security 8 out 10, on average, three-quarters of organisations experienced a security incident in the last 12 months.
The report suggests this could stem from a reliance on traditional training programs: 48% of security leaders say training is one of the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. With recent headlines depicting how phishing simulations can go awry, negative experiences like these further alienate employees and decrease engagement.
https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/
As Companies Calculate Cyber Risk, the Right Data Makes a Big Difference
The proposed US Securities and Exchange Commission’s stronger rules for reporting cyber attacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cyber security to the highest levels of corporate leadership. Other jurisdictions will very likely follow the US in requiring more stringent cyber controls and governance.
This means that boards and executives everywhere will need to increase their understanding of cyber security, not only from a tech point of view, but from a risk and business exposure point of view. The CFO, CMO and the rest of the C-suite and board will want and need to know what financial exposure the business faces from a data breach, and how likely it is that breaches will happen. This is the only way they will be able to develop cyber policies and plans and react properly to the proposed regulations.
Companies will therefore need to be able to calculate and put a dollar value on their exposure to cyber risk. This is the starting point for the ability to make cyber security decisions not in a vacuum, but as part of overall business decisions. To accurately quantify cyber security exposure, companies need to understand what the threats are and which data and business assets are at risk, and they then need to multiply the cost of a breach by the probability that such an event will take place in order to put a dollar figure on their exposure.
While there are many automated tools, including those that use artificial intelligence (AI), that can help with this, the key to doing this well is to make sure calculations are rooted in real and relevant data – which is different for each company or organisation.
Only 25% Of Organisations Consider Their Biggest Threat to Be from Inside the Business
A worrying 73.5% of organisations feel they have wasted the majority of their cyber security budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul.
Only 25% of organisations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cyber security challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.
The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33% of respondents stating that it still takes their organisation days and weeks to detect threats, with 6% not being able to detect them at all.
https://www.helpnetsecurity.com/2022/07/28/biggest-threat-inside-the-business/
The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million
IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organisations.
With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organisations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.
The perpetuality of cyber attacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organisations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organisations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.
The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.
https://www.helpnetsecurity.com/2022/07/27/2022-cost-of-a-data-breach-report/
Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed
Attackers are becoming faster at exploiting previously undisclosed zero-day flaws, according to Palo Alto Networks. This means that the amount of time that system admins have to patch systems before exploitation happens is shrinking fast..
The company warns in its 2022 report covering 600 incident response (IR) cases that attackers typically start scanning for vulnerabilities within 15 minutes of one being announced.
Among this group are 2021's most significant flaws, including the Exchange Server ProxyShell and ProxyLogon sets of flaws, the persistent Apache Log4j flaws aka Log4Shell, the SonicWall zero-day flaws, and Zoho ManageEngine ADSelfService Plus.
While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted of 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).
Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.
Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline
Ransomware-as-a-service (RaaS) operators are evolving their tactics yet again in response to more aggressive law enforcement efforts, in a move that is reducing their profits but also making affiliates harder to track, according to Coveware.
The security vendor’s Q2 2022 ransomware report revealed that concerted efforts to crack down on groups like Conti and DarkSide have forced threat actors to adapt yet again.
It identified three characteristics of RaaS operations that used to be beneficial, but are increasingly seen as a hinderance.
The first is RaaS branding, which has helped to cement the reputation of some groups and improve the chances of victims paying, according to Coveware. However, branding also makes attribution easier and can draw the unwanted attention of law enforcement, it said.
“RaaS groups are keeping a lower profile and vetting affiliates and their victims more thoroughly,” Coveware explained.
“More RaaS groups have formed, resulting in less concentration among the top few variants. Affiliates are frequently shifting between RaaS variants on different attacks, making attribution beyond the variant more challenging.”
In some cases, affiliates are also using “unbranded” malware to make attribution more difficult, it added.
The second evolution in RaaS involves back-end infrastructure, which used to enable scale and increase profitability. However, it also means a larger attack surface and a digital footprint that’s more expensive and challenging to maintain.
As a result, RaaS developers are being forced to invest more in obfuscation and redundancy, which is hitting profits and reducing the amount of resources available for expansion, Coveware claimed.
Finally, RaaS shared services used to help affiliates with initial access, stolen data storage, negotiation management and leak site support.
https://www.infosecurity-magazine.com/news/raas-groups-forced-change-payments/
Phishers Targeted Financial Services Most During H1 2022
Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cyber security company Vade.
The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.
While financial services scored highest on a per-sector basis, Microsoft was the most impersonated brand overall. The company’s Microsoft 365 cloud productivity services are a huge draw for cyber-criminals hoping to access accounts using phishing attacks.
Phishing attacks on Microsoft customers have become more creative, according to Vade, which identified several phone-based attacks. It highlighted a campaign impersonating Microsoft’s Defender anti-malware product, fraudulently warning that the company had debited a subscription fee. It encouraged victims to fix the problem by phone.
Facebook came a close second, followed by financial services company Crédit Agricole, WhatsApp and Orange.
https://www.infosecurity-magazine.com/news/phishers-financial-services-h1-2022/
HR Emails Dupe Employees the Most – KnowBe4 research reveals
In phishing tests conducted on business emails, more than half of the subject lines clicked imitated Human Resources communications.
New research has revealed the top email subjects clicked on in phishing tests were those related to or from Human Resources, according to the latest ‘most clicked phishing tests‘ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category were those send from IT, which include requests or actions of password verifications that were needed immediately.
KnowBe4’s CEO commented “More than 80% of company data breaches globally come from human error, so security awareness training for your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”
This research comes hot off the heels of the recent KnowBe4 industry benchmarking report which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category.
84% Of Organisations Experienced an Identity-Related Breach in the Past 18 Months
60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), treading water (13%), or merely running to keep up (27%), according to a survey by Sapio Research.
The report also highlights differences between the perceived and actual effectiveness of security strategies. While 40% of respondents believe they have the right strategy in place, 84% of organisations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.
Promisingly, many organisations are hungry to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents state that their organisations fully recognise the importance of identity security in enabling them to achieve their business goals, and 87% say that it is one of the most important security priorities for the next 12 months.
However, 75% of IT and security professionals also believe that they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment, with 63% of respondents saying that their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.
While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks. This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cyber criminals looking to discover privileged accounts and abuse them.
https://www.helpnetsecurity.com/2022/07/28/identity-related-breach/
Economic Downturn Raises Risk of Insiders Going Rogue
Declining economic conditions could make insiders more susceptible to recruitment offers from threat actors looking for allies to assist them in carrying out various attacks.
Enterprise security teams need to be aware of the heightened risk and strengthen measures for protecting against, detecting, and responding to insider threats, researchers from Palo Alto Network's Unit 42 threat intelligence team recommended in a report this week.
The security vendor's report highlighted several other important takeaways for security operations teams, including the fact that ransomware and business email compromise attacks continue to dominate incident response cases and vulnerability exploits — accounting for nearly one-third of all breaches.
Unit 42 researchers analysed data from a sampling of over 600 incident response engagements between April 2021 and May 2022 and determined that difficult economic times could lure more actors to cyber crime. This could include both people with technical skills looking to make a fast buck, as well as financially stressed insiders with legitimate access to valuable enterprise data and IT assets. The prevalence of remote and hybrid work models has created an environment where it's easier for workers to steal intellectual property or carry out other malicious activity, the researchers found.
https://www.darkreading.com/risk/economic-downturn-raises-the-risk-of-insiders-going-rogue
5 Trends Making Cyber Security Threats Riskier and More Expensive
Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organisations across the US and Europe experienced a cyber attack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cyber security spend.
Cyber security is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manage than previously reported. To better understand the evolution of this threat landscape, let’s examine these trends in more detail.
Everything becomes digital
Organisations become ecosystems
Physical and digital worlds collide
New technologies bring new risks
Regulations become more complex
Organisations can follow these best practices to elevate cyber security performance:
Identify, prioritise, and implement controls around risks.
Adopt a framework such as ISO 27001 or NIST Cyber Security Framework.
Develop human-layered cyber security.
Fortify your supply chain.
Avoid using too many tools.
Prioritise protection of critical assets.
Automate where you can.
Monitor security metrics regularly to help business leaders get insight into security effectiveness, regulatory compliance, and levels of security awareness in the organisation.
Cyber security will always be a work in progress. The key to effective risk management is having proactive visibility and context across the entire attack surface. This helps to understand which vulnerabilities, if exploited, can cause the greatest harm to the business. Not all risks can be mitigated; some risks will have to be accepted and trade-offs will have to be negotiated.
Ransomware: Publicly Reported Incidents Are Only the Tip of the Iceberg
The threat landscape report on ransomware attacks published this week by the European Union Agency for Cybersecurity (ENISA) uncovers the shortcomings of the current reporting mechanisms across the EU.
As one of the most devastating types of cyber security attacks over the last decade, ransomware, has grown to impact organisations of all sizes across the globe.
This threat landscape report analysed a total of 623 ransomware incidents across the EU, the United Kingdom and the United States for a reporting period from May 2021 to June 2022. The data was gathered from governments' and security companies' reports, from the press, verified blogs and in some cases using related sources from the dark web.
Between May 2021 and June 2022 about 10 terabytes of data were stolen each month by ransomware threat actors. 58.2% of the data stolen included employees' personal data.
At least 47 unique ransomware threat actors were found.
For 94.2% of incidents, we do not know whether the company paid the ransom or not. However, when the negotiation fails, the attackers usually expose and make the data available on their webpages. This is what happens in general and is a reality for 37.88% of incidents.
We can therefore conclude that the remaining 62.12% of companies either came to an agreement with the attackers or found another solution.
The study also shows that companies of every size and from all sectors are affected.
The figures in the report can however only portray a part of the overall picture. In reality, the study reveals that the total number of ransomware attacks is much larger. At present this total is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities.
Threats
Ransomware
LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top (darkreading.com)
Ransomware looms large over the cyber insurance industry - Help Net Security
800,000 businesses fall victim to ransomware each year (komando.com)
Business services top target of ransomware attacks (securitybrief.co.nz)
How Crypto is Driving the Ransomware Epidemic | Cryptoland Roundtable - YouTube
On security researcher's newsletter, exposing cyber criminals behind ransomware - CyberScoop
LockBit ransomware abuses Windows Defender to load Cobalt Strike (bleepingcomputer.com)
Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack | SecurityWeek.Com
No More Ransom helps millions of ransomware victims in 6 years (bleepingcomputer.com)
Lockbit ransomware gang claims to have breached the Italian Revenue Agency - Security Affairs
Lockbit Ramps Up Attacks on Public Sector - Infosecurity Magazine (infosecurity-magazine.com)
A ‘Top Tier’ Hacking Gang Is Likely To Be Behind Entrust Ransomware (informationsecuritybuzz.com)
No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices (darkreading.com)
Ransomware caused American Dental Association outage, led to stolen data (scmagazine.com)
The road to ransomware recovery starts before an attack • The Register
BEC – Business Email Compromise
Phishing & Email Based Attacks
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands | Threatpost
Phishing scam targeting Bank of America, Citi and Wells Fargo customers (komando.com)
APT-Like Phishing Threat Mirrors Landing Pages (darkreading.com)
New Callback Malware Campaign Impersonates Legitimate Cyber Security Providers - MSSP Alert
Phishing Attacks: Microsoft Leads Top 25 of Impersonated Brands - MSSP Alert
1,000s of Phishing Attacks Blast Off From InterPlanetary File System (darkreading.com)
New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo (bleepingcomputer.com)
Other Social Engineering; SMishing, Vishing, etc
Malware
Cisco Incident Response Report: Commodity Malware Top Threat in Q2 - MSSP Alert
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica
As Microsoft blocks Office macros, hackers find new attack vectors (bleepingcomputer.com)
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (thehackernews.com)
Microsoft links Raspberry Robin malware to Evil Corp attacks (bleepingcomputer.com)
Malware-laced npm packages used to target Discord users - Security Affairs
CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards (bleepingcomputer.com)
Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years | CSO Online
Attackers are slowly abandoning malicious macros - Help Net Security
One of the most beloved Windows tools could actually be a huge security risk | TechRadar
QBot phishing uses Windows Calculator DLL hijacking to infect devices (bleepingcomputer.com)
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike (trendmicro.com)
Microsoft: Austrian company DSIRF selling Subzero malware (techtarget.com)
Threat actors leverages DLL-SideLoading to spread Qakbot - Security Affairs
Rare 'CosmicStrand' UEFI Rootkit Swings into Cyber crime Orbit (darkreading.com)
Mobile
Here are the top phone security threats in 2022 and how to avoid them | ZDNet
New Android malware apps installed 10 million times from Google Play (bleepingcomputer.com)
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (thehackernews.com)
Facebook ads push Android adware with 7 million installs on Google Play (bleepingcomputer.com)
Millions of Android devices infected with wallet-draining malware | TechRadar
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (thehackernews.com)
Internet of Things – IoT
IoT Botnets Fuels DDoS Attacks – Are You Prepared? | Threatpost
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (thehackernews.com)
Data Breaches/Leaks
US court system suffered ‘incredibly significant attack’ • The Register
Congress Warns of US Court Records System Breach - Infosecurity Magazine (infosecurity-magazine.com)
Uber admits covering up massive 2016 data breach in settlement with US prosecutors - The Verge
T-Mobile to pay $500M for one of the largest data breaches in US history [Updated] | Ars Technica
Data Stolen in Breach at Security Company Entrust | SecurityWeek.Com
Fallout from massive Shanghai Police data breach reverberates on dark web - CyberScoop
Big Questions Remain Around Massive Shanghai Police Data Breach (darkreading.com)
Organised Crime & Criminal Actors
Cyber-mercenaries represent shifting criminal business model • The Register
Messaging Apps Tapped as Platform for Cyber Criminal Activity | Threatpost
Teenager Jailed for Snapchat Blackmail Cyber Crimes- IT Security Guru
DUCKTAIL operation targets Facebook’s Business and Ad accounts - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto fraud on the rise as consumers fall for fake celebrity endorsements | Cybernews
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection (thehackernews.com)
NFT Hacking Group Attacks On The Rise, Report Finds- IT Security Guru
Hackers steal $6 million from blockchain music platform Audius (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Major shifts and the growing risk of identity fraud - Help Net Security
JPMorgan, UBS accused of shoddy identity theft protection • The Register
Euro Police Bust €3m Internet Fraud Gang - Infosecurity Magazine (infosecurity-magazine.com)
Romance scammers jailed after tricking Irish OAP out of €250k (bitdefender.com)
What the Titanic Can Teach Us About Fraud? | SecurityWeek.Com
AML/CFT/Sanctions
Insurance
Dark Web
Cyber crime goods and services are cheap and plentiful - Help Net Security
Hackers Selling Malware on Dark Web Underground Market (cybersecuritynews.com)
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
Akamai blocked the largest DDoS attack ever on its European customers - Security Affairs
DDoS Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks (bleepingcomputer.com)
Cloud/SaaS
Kansas MSP shuts down cloud services to fend off cyber attack (bleepingcomputer.com)
Organisations are struggling with SaaS security. Why? - Help Net Security
Attack Surface Management
Identity and Access Management
Encryption
Transport Layer Security (TLS): Issues & Protocol (trendmicro.com)
SSH2 vs. SSH1 and why SSH versions still matter (techtarget.com)
Passwords, Credential Stuffing & Brute Force Attacks
Using Account Lockout policies to block Windows Brute Force Attacks (bleepingcomputer.com)
Stop Putting Your Accounts At Risk, and Start Using a Password Manager (thehackernews.com)
Social Media
Facebook security cracked by Malware made in Vietnam • The Register
Cyber-Criminal Offers 5.4m Twitter Users’ Data - Infosecurity Magazine (infosecurity-magazine.com)
Training, Education and Awareness
Privacy
Law Enforcement Action and Take Downs
UK Seizes Nearly $27m in Crypto-Assets - Infosecurity Magazine (infosecurity-magazine.com)
European Cops Helped 1.5 Million People Decrypt Their Ransomwared Computers (vice.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)
Microsoft says it caught an Austrian spyware group using Windows 0-day exploits - The Verge
Pegasus spyware: Just 'tip of the iceberg' seen so far • The Register
Cyber attacks by Iran and Israel now target critical infrastructure. - The Washington Post
US and Ukraine Sign Agreement to Deepen Cyber security Operational Collaboration - MSSP Alert
CISA, Ukrainian cyber agency deepen partnership to combat Russian threat - CyberScoop
How is Anonymous attacking Russia? The top six ways ranked (cnbc.com)
European Lawmaker Targeted With Cytrox Predator Surveillance Spyware | SecurityWeek.Com
Nation State Actors
Nation State Actors – Russia
Russia is quietly ramping up its Internet censorship machine | Ars Technica
Apple network traffic takes mysterious detour through Russia • The Register
Nation State Actors – China
Chinese APTs: Interlinked networks and side hustles – Intrusion Truth (wordpress.com)
OneWeb sale risks giving China a stake in ‘Five Eyes’ spying tech (telegraph.co.uk)
Nation State Actors – North Korea
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (thehackernews.com)
North Korean hackers attack EU targets with Konni RAT malware (bleepingcomputer.com)
US puts $10 million bounty on North Korean threat groups • The Register
Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? Security Affairs
Nation State Actors – Iran
Vulnerability Management
Hackers scan for vulnerabilities within 15 minutes of disclosure (bleepingcomputer.com)
Attackers Have 'Favourite' Vulnerabilities to Exploit (darkreading.com)
Taking the Risk-Based Approach to Vulnerability Patching (thehackernews.com)
Organisations struggle to manage devices and stay ahead of vulnerabilities - Help Net Security
2022 Unit 42 Incident Response Report: How Attackers Exploit Zero-Days (paloaltonetworks.com)
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization (darkreading.com)
Time between vuln disclosures, exploits is getting smaller • The Register
Vulnerabilities
Critical Samba bug could let anyone become Domain Admin – patch now! – Naked Security (sophos.com)
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (darkreading.com)
How to Fix CVE-2022-30190 vulnerability using Microsoft Intune - CloudInfra
CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG | CSO Online
Critical FileWave MDM Flaws Open Organisation-Managed Devices to Remote Hackers (thehackernews.com)
Hackers are abusing IIS extensions to establish covert backdoors - Security Affairs
FileWave fixes bugs that left 1,000+ orgs open to ransomware • The Register
Google Chrome Zero-day Vulnerability Discovered By Avast (informationsecuritybuzz.com)
LibreOffice fixed 3 flaws, including a code execution issue - Security Affairs
Drupal developers fixed a code execution flaw in the popular CMS - Security Affairs
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities (thehackernews.com)
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Reports Published in the Last Week
Other News
A Retrospective on the 2015 Ashley Madison Breach – Krebs on Security
The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications (darkreading.com)
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office | Threatpost
Microsoft again reverses course, will block macros by default (scmagazine.com)
Is Your Home or Small Business Built on Secure Foundations? Think Again… (darkreading.com)
Infosec pros want more industry cooperation and support for open standards - Help Net Security
We pass cyber attack costs onto customers, businesses admit • The Register
How to Combat the Biggest Security Risks Posed by Machine Identities (thehackernews.com)
Discord, Telegram Services Hijacked to Launch Array of Cyber Attacks (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 July 2022
Black Arrow Cyber Threat Briefing 15 July 2022:
-10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
-Businesses Are Adding More Endpoints, But Can’t Manage Them All
-Ransomware Activity Resurges in Q2
-North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
-One-Third of Users Without Security Awareness Training Click on Phishing URLs
-Ransomware Scourge Drives Price Hikes in Cyber Insurance
-Conventional Cyber Security Approaches Are Falling Short
-Virtual CISOs Are the Best Defence Against Accelerating Cyber Risks
-Firms Not Planning for Supply Chain Threats
-Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
-Security Culture: Fear of Cyber Warfare Driving Initiatives
-Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
-Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.
The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.
According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.
By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.
The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.
Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.
Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.
As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.
Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.
Businesses Are Adding More Endpoints, But Can’t Manage Them All
Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.
Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.
Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.
IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.
https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/
Ransomware Activity Resurges in Q2
Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.
The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.
The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.
LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.
At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.
Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.
https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/
One-Third of Users Without Security Awareness Training Click on Phishing URLs
Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.
According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.
The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.
https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing
Ransomware Scourge Drives Price Hikes in Cyber Insurance
Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.
The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.
With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.
However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.
Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.
Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.
Conventional Cyber Security Approaches Are Falling Short
Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.
On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.
The top four causes of the most significant breaches reported by the affected organisations were:
Human error
Misconfigurations
Poor maintenance/lack of cyber hygiene
Unknown assets.
https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/
Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks
The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.
As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.
Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.
The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.
Firms Not Planning for Supply Chain Threats
Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.
According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.
The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.
The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.
TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.
https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/
Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.
Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.
The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.
The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.
Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.
Security Culture: Fear of Cyber Warfare Driving Initiatives
KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.
The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.
The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.
However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).
Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.
Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.
A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.
Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.
Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.
The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.
The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.
https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/
Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.
Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.
Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.
Threats
Ransomware
Paying ransomware crooks won’t reduce your legal risk, warns regulator – Naked Security (sophos.com)
New Lilith ransomware emerges with extortion site, lists first victim (bleepingcomputer.com)
Experts warn of the new 0mega ransomware operation - Security Affairs
Organisations Warned of New Lilith, RedAlert, 0mega Ransomware | SecurityWeek.Com
Microsoft links H0ly Gh0st ransomware operation to North Korean hackers (bleepingcomputer.com)
Feds Issue Warning for North Korean-backed Ransomware Hijackers - MSSP Alert
Ransomware gang now lets you search their stolen data (bleepingcomputer.com)
Rise in ransomware drives IT leaders to implement data encryption - Help Net Security
Bandai Namco confirms hack after ALPHV ransomware data leak threat (bleepingcomputer.com)
1.9m patients' medical data exposed in PFC ransomware attack • The Register
Phishing & Email Based Attacks
Email scams are getting more personal – they even fool cyber security experts (theconversation.com)
Hackers impersonate cyber security firms in callback phishing attacks (bleepingcomputer.com)
$8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)
Almost a third of untrained users will click a phishing link - KnowBe4 research - IT Security Guru
PayPal phishing kit added to hacked WordPress sites for full ID theft (bleepingcomputer.com)
Other Social Engineering
Rise In Smishing Scams, Why And How To Protect? (informationsecuritybuzz.com)
How Hackers Create Fake Personas for Social Engineering (darkreading.com)
How attackers abuse Quickbooks to send phone scam emails - Help Net Security
Malware
Mobile
New Android malware on Google Play installed 3 million times (bleepingcomputer.com)
The weaponizing of smartphone location data on the battlefield - Help Net Security
Internet of Things – IoT
Honda Admits Hackers Could Unlock Car Doors, Start Engines | SecurityWeek.Com
Watch This $80,000 Tesla Model Y Get Hacked With $20 Hardware - autoevolution
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Scams Soar Despite Crash (informationsecuritybuzz.com)
Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why? | Ars Technica
Hackers stole $620 million from Axie Infinity via fake job interviews (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Identity and Access Management
Encryption
Social Media
Training, Education and Awareness
Privacy
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (thehackernews.com)
Amazon handed Ring video to police without warrant, consent • The Register
TikTok Chief Security Officer Steps Down Amid Concerns About Privacy (businessinsider.com)
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber espionage groups increasingly target journalists and media organisations | CSO Online
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (darkreading.com)
Lithuanian Energy Firm Disrupted by DDOS Attack - Infosecurity Magazine (infosecurity-magazine.com)
Security vendor splits to address Russia’s war in Ukraine • The Register
Apple previews Lockdown Mode, a new extreme security feature | ZDNet
Nation State Actors
Nation State Actors – North Korea
Nation State Actors – Misc APT
Vulnerabilities
DHS warns: Expect Log4j risks for 'a decade or longer' • The Register
Microsoft's Patch Tuesday fixes one bug under active exploit • The Register
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)
CISA orders agencies to patch new Windows zero-day used in attacks (bleepingcomputer.com)
Flaw in Netwrix Auditor application allows arbitrary code execution - Security Affairs
Elastix VoIP systems hacked in massive campaign to install PHP web shells (bleepingcomputer.com)
Hackers Targeting VoIP Servers by Exploiting Digium Phone Software (thehackernews.com)
Anvil Mobile Hit By New Exploit - DNS Hijacking. (informationsecuritybuzz.com)
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now (darkreading.com)
Buggy WordPress plugin allows complete site takeover • The Register
VMware patches vCenter Server flaw disclosed in November (bleepingcomputer.com)
AMD, Intel chips vulnerable to 'Retbleed' Spectre variant • The Register
Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs (bleepingcomputer.com)
Microsoft releases PoC exploit for macOS sandbox escape vulnerability (bleepingcomputer.com)
AWS squashes authentication bugs in Kubernetes service • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
5 key considerations for your 2023 cyber security budget planning | CSO Online
What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)
New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)
Experian accounts could still be at risk from hackers | TechRadar
Mergers and acquisitions are a strong zero-trust use case • The Register
Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register
New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK
How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)
Data breaches explained: Types, examples, and impact | CSO Online
President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 July 2022
Black Arrow Cyber Threat Briefing 08 July 2022:
-Businesses Urged Not To Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
-People Are the Primary Attack Vector Around the World
-Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
-54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
-New Cyber Threat Emerges from the Inside, Research Report Finds
-Ransomware: Why it's still a big threat, and where the gangs are going next
-NCSC: Prepare for Protected Period of Heightened Cyber-Risk
-69% Of Employees Need to Deal With More Security Measures In A Hybrid Work Environment
-FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
-As Cyber Criminals Recycle Ransomware, They're Getting Faster
-UK Military Investigates Hacks on Army Social Media Accounts
-APT Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.
Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.
In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.
It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".
The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.
The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.
Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.
Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".
People Are the Primary Attack Vector Around the World
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.
Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.
Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.
https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/
Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.
Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.
The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."
Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.
54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).
Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).
MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.
Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.
Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”
https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/
New Cyber Threat Emerges from the Inside, Research Report Finds
In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.
Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.
Here are some key statistics from the report:
Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.
Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next
Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.
Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.
Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.
What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.
No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.
And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.
They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.
NCSC: Prepare for Protracted Period of Heightened Cyber Risk
The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand
Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour
https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/
69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment
Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.
One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.
Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.
https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/
FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.
“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.
He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy
As Cyber Criminals Recycle Ransomware, They're Getting Faster
Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.
Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.
These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.
https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster
UK Military Investigates Hacks on Army Social Media Accounts
British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.
“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”
The Ministry of Defence said late Sunday that both breaches had been “resolved.”
While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.
Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.
“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.
https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts
Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.
Threats
Ransomware
Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine
Ransomware in 2022: Evolving threats, slow progress (techtarget.com)
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Ransomware gangs are feeling the crypto winter's impact | TechSpot
LockBit explained: How it has become the most popular ransomware | CSO Online
Hive ransomware gang turns to Rust, more complex encryption • The Register
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
North Korean ransomware dubbed Maui active since May 2021 • The Register
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com
As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)
Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs
AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)
QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)
Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)
How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center
Phishing & Email Based Attacks
Malware
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)
Dangerous new malware dances past more than 50 antivirus services | TechRadar
Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs
Malware knocks IT services vendor SHI offline • The Register
Near-undetectable malware linked to Russia's Cozy Bear • The Register
New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)
Hackers are using YouTube videos to trick people into installing malware | TechRadar
Mobile
This WhatsApp scam promises big, but just sends you into a spiral | ZDNet
Android malware subscribes you to premium services without you knowing - GSMArena.com news
Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)
Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine
Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware gangs are feeling the crypto winter's impact | TechSpot
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Hackers are using YouTube videos to trick people into installing malware | TechRadar
PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)
US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)
Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
Insider Risk and Insider Threats
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
HackerOne incident raises concerns for insider threats (techtarget.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)
Identity and Access Management
Asset Management
Encryption
Encryption is high up on corporate priority lists - Help Net Security
Quantum-resistant encryption recommended for standardization • The Register
The threat of quantum computing to sensitive data - Help Net Security
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)
End-to-end encryption’s central role in modern self-defence | Ars Technica
API
Open Source
Social Media
Digital Transformation
Travel
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)
Models, Frameworks and Standards
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)
Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)
NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru
FBI and MI5 bosses: China cheats and steals at massive scale • The Register
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine
Near-undetectable malware linked to Russia's Cozy Bear • The Register
Nation State Actors – China
China Censors What Could Be Biggest Data Hack in History (gizmodo.com)
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg
Security warning after sale of stolen Chinese data - BBC News
Five accused of trying to silence China critics in US • The Register
50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian
More UK calls for ban of CCTV makers Hikvision, Dahua • The Register
Nation State Actors – North Korea
Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop
North Korean ransomware dubbed Maui active since May 2021 • The Register
Nation State Actors – Iran
Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs
Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)
Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs
Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs
OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)
Fortinet addressed multiple vulnerabilities in several products - Security Affairs
There’s a Nasty Security Hole in the Apache Webserver – The New Stack
Sector Specific
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)
Microsoft rolls back plan to block macros by default • Graham Cluley
Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online
Security tester says he broke into datacenter via toilets • The Register
SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online
Imagination is key to effective data loss prevention - Help Net Security
The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)
Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK
Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)
Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 July 2022
Black Arrow Cyber Threat Briefing 01 July 2022:
-Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
-Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
-Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
-Three in Four Vulnerability Management Programs Ineffective, NopSec Research Finds
-EMEA Continues to Be a Hotspot for Malware Threats
-A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
-What Are Shadow IDs, and How Are They Crucial in 2022?
-Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
-Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
-Human Error Remains the Top Security Issue
-Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
-Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.
"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.
She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".
While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.
Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.
Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.
Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.
Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.
The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.
The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.
https://threatpost.com/lead-causes-of-q1-attacks/180096/
Three in Four Vulnerability Management Programs Ineffective
How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.
Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.
Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.
Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.
EMEA Continues to Be a Hotspot for Malware Threats
Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.
Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.
The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.
https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/
A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.
So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.
The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.
"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."
The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.
https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)
Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.
"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.
https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html
Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know
Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.
And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.
Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.
According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.
“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.
The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.
CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.
An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.
Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).
https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities
Human Error Remains the Top Security Issue
Human error remains the most effective vector for conducting network infiltrations and data breaches.
The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.
"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.
"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."
The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.
Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.
A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.
It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.
Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.
Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.
https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/
Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.
The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.
Threats
Ransomware
Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert
Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)
AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)
Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert
How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)
LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)
Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future
Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)
Are Protection Payments the Future of Ransomware? (tripwire.com)
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)
This new malware is at the heart of the ransomware ecosystem | ZDNet
Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)
Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)
Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)
Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)
RansomHouse gang claims to have some stolen AMD data • The Register
'Prolific' NetWalker extortionist pleads guilty • The Register
Phishing & Email Based Attacks
Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)
Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
How phishing attacks are becoming more sophisticated - Help Net Security
How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert
New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs
Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)
Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)
Malware
Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)
Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)
Microsoft warning: This malware that targets Linux just got a big update | ZDNet
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)
XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)
Mobile
Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine
Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
Internet of Things – IoT
Data Breaches/Leaks
Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost
California gun dashboards expose 10 years of personal data • The Register
Organised Crime & Criminal Actors
Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online
Canadian admits to hacking spree with Russian cyber-gang - BBC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pentagon finds concerning vulnerabilities on blockchain | TechRepublic
Hackers steal $100m from another breached crypto bridge | TechRadar
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)
Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News
Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register
Insider Risk and Insider Threats
Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)
Japanese worker loses city's personal data in USB fail • The Register
How you handle independent contractors may determine your insider threat risk | CSO Online
Fraud, Scams & Financial Crime
Threat actors increasingly use third parties to run their scams - Help Net Security
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security
Insurance
Software Supply Chain
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)
Over a Decade in Software Security: What Have We learned? - IT Security Guru
Denial of Service DoS/DDoS
Attack Surface Management
Shadow IT
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)
Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
Social Media
Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)
New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)
Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)
Training, Education and Awareness
Privacy
‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED
UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)
Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine
We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Manx government department fined over data breach - BBC News
Clearview fine: The unacceptable face of modern surveillance - Help Net Security
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop
Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)
Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)
G7 to tackle cyber threats and disinformation from Russia: communique | Reuters
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors
Nation State Actors – Russia
Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)
Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)
Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)
Russia's Killnet hacker group says it attacked Lithuania | Reuters
Nation State Actors – China
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors – North Korea
Vulnerability Management
Why more zero-day vulnerabilities are being found in the wild | CSO Online
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com
Vulnerabilities
MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)
How and why threat actors target Microsoft Active Directory | CSO Online
Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)
Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)
OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register
CISA: Adopt Modern Auth now for Exchange Online • The Register
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)
CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)
Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)
Sector Specific
Critical National Infrastructure (CNI)
Financial Services Sector
FinTech
A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)
Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)
Telecoms
OT, ICS, IIoT, SCADA and Cyber-Physical Systems
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)
Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com
Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)
Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)
5 Cyber Security Tips for Smart Buildings - IT Security Guru
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
OT security: Helping under-resourced critical infrastructure organisations - Help Net Security
Energy & Utilities
Oil, Gas and Mining
Food and Agriculture
Education and Academia
Web3
Reports Published in the Last Week
Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf
Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues
Other News
Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert
FBI warns crooks are using deepfake videos in job interviews • The Register
Destructive firmware attacks pose a significant threat to businesses - Help Net Security
48% of security practitioners seeing 3x increase in alerts per day - Help Net Security
Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online
82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)
SolarWinds hack explained: Everything you need to know (techtarget.com)
Properly securing APIs is becoming increasingly urgent - Help Net Security
97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine
LGBTQ+ folks warned of dating app extortion scams • The Register
What is Zero Trust and why would you want it? • The Register
Tencent admits to poisoned QR code attack on QQ accounts • The Register
Exploring the insecurity of readily available Wi-Fi networks - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 June 2022
Black Arrow Cyber Threat Briefing 17 June 2022
-How Organisations Can Protect Themselves in The Emerging Risk Landscape
-Phishing Reaches All-Time High in Early 2022
-Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?
-The Challenges of Managing Increased Complexity As Hybrid IT Accelerates
-72% Of Middle Market Companies Expect to Experience a Cyber Attack
-Malware's Destruction Trajectory and How to Defeat It
-Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?
-Threat Actors Becoming More Creative Exploiting the Human Factor
-66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud
-Travel-related Cyber Crime Takes Off as Industry Rebounds
-How Should You Think About Security When Considering Digital Transformation Projects?
-Internet Explorer Now Retired but Still an Attacker Target
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How Organisations Can Protect Themselves in The Emerging Risk Landscape
ThoughtLab’s 2022 cyber security benchmarking study ‘Cyber Security Solutions for a Riskier World’ revealed that the pandemic has brought cyber security to a critical inflection point. The number of material breaches that respondents suffered rose 20.5% from 2020 to 2021, and cyber security budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
During that time, cyber security has become a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders, and the board.
https://www.helpnetsecurity.com/2022/06/13/cybersecurity-strategic-business-imperative-video/
Phishing Reaches All-Time High in Early 2022
The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.
In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season.
Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.
https://www.helpnetsecurity.com/2022/06/15/2022-total-phishing-attacks/
Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?
Time to reassess your cyber security strategies. Again.
Ransomware attacks on businesses have increased by one-third in the past year, according to a recent report by the Boston-based cyber security company Cybereason.
Most (73 percent of businesses) were hit by at least one ransomware attack in the past year, and 68 percent of businesses that paid a ransom were hit again in less than a month for a higher ransom, according to the survey, which polled 1,456 cyber security professionals at global companies with 700 or more employees.
These attacks have big implications: Thirty-seven percent of companies were forced to lay off employees after paying ransoms, and 33 percent were forced to temporarily suspend business.
Since the invasion of Ukraine, cyber security experts have insisted businesses improve their lines of defence to protect against an increased risk of ransomware attacks from Russia. Ransomware attacks have also increased since the start of the pandemic--the rise of remote work increased vulnerability for many businesses, which hackers have taken advantage of, a 2020 FBI memo noted. So, enterprises of all sizes are at risk from many more points of attack.
https://www.inc.com/rebecca-deczynski/ransomware-attacks-increasing-cyber-security-advice.html
The Challenges of Managing Increased Complexity as Hybrid IT Accelerates
SolarWinds released the findings of its ninth annual IT Trends Report which examines the acceleration of digital transformation efforts and its impact on IT departments. The report found the acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals.
Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.
As more and more mission-critical workloads move to connected cloud architectures that span public, private, hybrid, and multi-cloud environments, enterprises recognise they need to invest in the tools that will help them ensure consistent policies and performance across all platforms and end users. However, they simultaneously face challenges such as budget, time constraints, and barriers to implementing observability as a strategy to keep pace with hybrid IT realities.
However professionals feel less confident in their organisation’s ability to manage IT. While 54% of respondents state they leverage monitoring strategies to manage this complexity, 49% revealed they lack visibility into the majority of their organisation’s apps and infrastructure. This lack of visibility impacts their ability to conduct anomaly detection, easy root-cause analysis, and other critical processes to ensure the availability, performance, and security of business-critical applications.
https://www.helpnetsecurity.com/2022/06/16/hybrid-it-acceleration-challenges/
72% Of Middle Market Companies Expect to Experience a Cyber Attack
Middle market companies face an increasingly volatile cyber security environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to an RSM US and US Chamber of Commerce report.
However, there is good news as the number of breaches reported in the last year among middle market companies slightly decreased with protections becoming more available and executives understanding the consequences related to potential incidents. Twenty-two percent of middle market leaders claimed that their company experienced a data breach in the last year, representing a drop from 28% in last year’s survey, suggesting that even with enhanced protections in place and the decrease in attacks, companies cannot afford to let their guard down.
The middle market encountered a roller coaster of risks in the last year, from lingering threats related to the COVID-19 pandemic to geopolitical conflicts and economic uncertainty.
The small drop in reported breaches is encouraging, and largely attributed to middle market companies beginning to implement better identity and access management controls. Yet, even with the decline in reported attacks, companies recognise the risks posed by the current dynamic threat environment, with 72% of executives anticipating that unauthorised users will attempt to access data or systems in 2022, a sharp rise from 64% last year and the highest number since RSM began tracking data in 2015.
https://www.helpnetsecurity.com/2022/06/16/middle-market-companies-cybersecurity/
Malware's Destruction Trajectory and How to Defeat It
Malware and targeted attacks on operating systems and firmware have become increasingly destructive in nature, and these more nefarious attack methods are rising in prevalence. And just to add insult to injury, there are more of them. Today’s attacks are hitting more often, and they are hitting harder.
In the first three decades of its existence, malware was primarily restricted to mischief and attempts by virus creators to discover if their creations would work. But now the threat landscape has changed from simple vandalism to lucrative cyber crime and state-sponsored attacks.
Wiper malware, in particular, has gained traction in recent months. The FortiGuard Labs research team has seen at least seven different malware attacks targeting Ukrainian infrastructure or Ukrainian companies so far this year. The primary reason for using Wiper malware is its sheer destructiveness – the intent is to cripple infrastructure. What does the increased presence of Wiper malware strains indicate? And what do security leaders need to know and do to keep their organisation safe? Read more…
https://www.securityweek.com/malwares-destruction-trajectory-and-how-defeat-it
Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?
If your organisation gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?
Rapid7 analysed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022, and found that:
The most commonly leaked data is financial (63%), followed by customer/patient data (48%)
Files containing intellectual property (e.g., trade secrets, research data, etc.) are rarely disclosed (12%) by ransomware gangs, but if the organisation is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%), “likely due to the high value placed on research and development within this industry.”
https://www.helpnetsecurity.com/2022/06/17/ransomware-data-disclosed/
Threat Actors Becoming More Creative Exploiting the Human Factor
Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organisation—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players.
"Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing—and often eye-opening—challenge for organisations,” Proofpoint said in a statement.
The combination of remote work and the blurring of work and personal life on smartphones have influenced attacker techniques, the report notes. During the year, SMS phishing, or smishing, attempts more than doubled in the United States, while in the UK, 50% of phishing lures focused on delivery notifications. An expectation that more people were likely working from home even drove good, old-fashioned voice scams, with more than 100,000 telephone attacks a day being launched by cyber criminals.
66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud
A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns regarding the protection of sensitive data from cyber criminals.
Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications, compared with just eight in 2015, showcasing a startlingly rapid increase.
With increasing complexity of multicloud environments comes an even greater need for robust cyber security. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21-60%. However, only 25% said they could fully classify all data.
https://www.helpnetsecurity.com/2022/06/16/cloud-based-data-breach-video/
Travel-related Cyber Crime Takes Off as Industry Rebounds
An upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cyber criminals to scam the tourists.
Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cyber crimes.
Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related databases breaches, according to a report by Intel 471.
The impact of the attacks are hacked accounts stripped of value. But also, researchers say the consequences of recent attacks can also include flight delays and cancelations as airlines grapple with mitigating hacks.
https://threatpost.com/travel-related-cybercrime-takes-off/179962/
How Should You Think About Security When Considering Digital Transformation Projects?
Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.
Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world.
CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organisation. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organisation.
For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.
Here are five specific areas security teams should prioritise to achieve security-first digital transformation:
Security operations modernisation
Developer-centric security
Cloud strategy and execution
Connected devices
Big data and analytics
As important as it is to keep the business operating and competitive, organisations must transform securely. Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.
Internet Explorer Now Retired but Still an Attacker Target
Microsoft's official end-of-support for the Internet Explorer 11 desktop application on June 15 relegated to history a browser that's been around for almost 27 years. Even so, IE still likely will provide a juicy target for attackers.
That's because some organisations are still using Internet Explorer (IE) despite Microsoft's long-known plans to deprecate the technology. Microsoft meanwhile has retained the MSHTML (aka Trident) IE browser engine as part of Windows 11 until 2029, allowing organisations to run in IE mode while they transition to the Microsoft Edge browser. In other words, IE isn't dead just yet, nor are threats to it.
Though IE has a negligible share of the browser market worldwide these days (0.52%), many enterprises still run it or have legacy applications tied to IE. This appears to be the case in countries such as Japan and Korea. Stories in Nikkei Asia and Japan Times this week quoted a survey by Keyman's Net showing that nearly 49% of 350 Japanese companies surveyed are still using IE. Another report in South Korea's MBN pointed to several large organisations still running IE.
Threats
Ransomware
Ransomware attacks are increasing with more dangerous hybrids ahead | CSO Online
Why do organisations need to prioritize ransomware preparedness? - Help Net Security
Ransomware and Phishing Remain IT's Biggest Concerns (darkreading.com)
The attacker’s toolkit: Ransomware-as-a-service | VentureBeat
Ransomware gang publishes stolen victim data on the public Internet - Help Net Security
Researchers Discover Way to Attack SharePoint and OneDrive Files with Ransomware | SecurityWeek.Com
ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web - Security Affairs
Ransomware gang creates site for employees to search for their stolen data (bleepingcomputer.com)
Microsoft: Exchange servers hacked to deploy BlackCat ransomware (bleepingcomputer.com)
Conti's Attack Against Costa Rica Sparks a New Ransomware Era | WIRED UK
Hello XD ransomware now drops a backdoor while encrypting (bleepingcomputer.com)
Alphv ransomware gang ups pressure with new extortion scheme (techtarget.com)
Costa Rica Chaos a Warning That Ransomware Threat Remains | SecurityWeek.Com
DeadBolt ransomware takes another shot at QNAP storage • The Register
The many lives of BlackCat ransomware - Microsoft Security Blog
Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)
BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers - Security Affairs
Ransomware gangs target Japan as a feeding ground | Financial Times (ft.com)
Africa's biggest supermarket hit by ransomware attacks | TechRadar
Phishing & Email Based Attacks
NakedPages Phishing Toolkit is Now Available on Cyber crime Forums - Infosecurity Magazine
New phishing attack infects devices with Cobalt Strike (bleepingcomputer.com)
Other Social Engineering
How social engineering attacks are evolving beyond email - Help Net Security
2,000 People Arrested Worldwide for Social Engineering Schemes | SecurityWeek.Com
Heineken giving away free beer for Father's Day? It's a WhatsApp scam (bitdefender.com)
Malware
Businesses are leaving bot attacks unchallenged for almost four months - Help Net Security
New Syslogk Linux rootkit uses magic packets to trigger backdoor (bleepingcomputer.com)
Linux Malware Deemed ‘Nearly Impossible’ to Detect | Threatpost
Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices (thehackernews.com)
Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concurrency, Systemd - Phoronix
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware (trendmicro.com)
Mobile
Over a billion Google Play Store app downloads could be infected by malware | TechRadar
Android malware on the Google Play Store gets 2 million downloads (bleepingcomputer.com)
MaliBot: A New Android Banking Trojan Spotted in the Wild (thehackernews.com)
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (thehackernews.com)
Android Spyware 'Hermit' Discovered in Targeted Attacks (darkreading.com)
Internet of Things - IoT
Anker Eufy smart home hubs exposed to RCE attacks by critical flaw (bleepingcomputer.com)
Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars | SecurityWeek.Com
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cyber Criminals Smuggle Ukrainian Men Across Border - Infosecurity Magazine
iCloud hacker gets 9 years in prison for stealing nude photos (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
INTERPOL raids hundreds of scammy call centers in sweep - CyberScoop
Fraud trends and scam tactics consumers should be aware of - Help Net Security
Dark Web
Supply Chain and Third Parties
Denial of Service DoS/DDoS
A tiny botnet launched the largest DDoS attack on record | ZDNet
DDoS Subscription Service Operator Gets 2 Years in Prison (darkreading.com)
Cloud/SaaS
Increased cloud complexity needs stronger cyber security - Help Net Security
Beware the 'Secret Agent' Cloud Middleware (darkreading.com)
SaaS security: How to avoid “death by 1000 apps” - Help Net Security
Quantifying the SaaS Supply Chain and Its Risks (darkreading.com)
83% of IT pros are using either hybrid or multi-cloud - Help Net Security
Privacy
Passwords, Credential Stuffing & Brute Force Attacks
24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far (darkreading.com)
Strong passwords still a priority strategy for enterprises - Help Net Security
The future is passwordless. What's slowing it down? - Help Net Security
Brute-Force Attacks: How to Defend Against Them - MSSP Alert
Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts | SecurityWeek.Com
Travel
Regulations, Fines and Legislation
Privacy Watchdog Set to Keep Millions in Fines for Legal Costs - Infosecurity Magazine
Canada wants companies to report cyber attacks and hacking incidents | Reuters
A closer look at the US SEC Cyber Security Disclosure rule - Help Net Security
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Sophisticated Android Spyware 'Hermit' Used by Governments | SecurityWeek.Com
Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks (thehackernews.com)
Vladimir Putin forced by cyber attack in Russia to delay keynote speech | The Independent
Iranian hacking campaign that included former US ambassador exposed - CyberScoop
Nation State Actors
Nation State Actors – Russia
Russian hackers start targeting Ukraine with Follina exploits (bleepingcomputer.com)
Mixed results for Russia's aggressive Ukraine information war, experts say - CyberScoop
Nation State Actors – China
Nation State Actors – Iran
Vulnerabilities
Microsoft fixes Follina and 55 other CVEs - Help Net Security
Details of Twice-Patched Windows RDP Vulnerability Disclosed | SecurityWeek.Com
New Hertzbleed side-channel attack affects Intel, AMD CPUs (bleepingcomputer.com)
Time to throw out those older, vulnerable Cisco SMB routers • The Register
Critical Citrix Bugs Impact All ADM Servers, Agents (darkreading.com)
Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk | ZDNet
Why Log4j Is Still The Problem When The Patch Is Released 6 Months Ago? – Information Security Buzz
Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)
Sophos Firewall zero-day bug exploited weeks before fix (bleepingcomputer.com)
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses (thehackernews.com)
How to mitigate Active Directory attacks that use the KrbRelayUp toolset | CSO Online
Hertzbleed disclosure raises questions for Intel (techtarget.com)
Critical Atlassian Confluence flaw remains under attack (techtarget.com)
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike (bleepingcomputer.com)
Zimbra bug allows stealing email logins with no user interaction (bleepingcomputer.com)
Microsoft takes months to fix critical Azure Synapse bug (techtarget.com)
PACMAN, a new attack technique against Apple M1 CPUs - Security Affairs
Critical Code Execution Vulnerability Patched in Splunk Enterprise | SecurityWeek.Com
High-Severity RCE Vulnerability Reported in Popular Fastjson Library (thehackernews.com)
This Security Exploit Could Have Major PS5 And PS4 Implications (slashgear.com)
Sector Specific
Financial Services Sector
Telecoms
Government
Health/Medical/Pharma Sector
Ransomware Risk in Healthcare Endangers Patients | Threatpost
Kaiser Permanente Says Data Breach Hit 69,000 Patients (gizmodo.com)
Transport and Aviation
CNI, OT, ICS, IIoT and SCADA
Tackling 5 Challenges Facing Critical National Infrastructure Today (darkreading.com)
State of OT Security in 2022: Big Survey Key Insights (trendmicro.com)
Over a Dozen Flaws Found in Siemens' Industrial Network Management System (thehackernews.com)
Eight ICS Zero Days Could Open Doors for Hackers - Infosecurity Magazine
Web3
Reports Published in the Last Week
Other News
Why We Need Security Knowledge and Not Just Threat Intel (darkreading.com)
Once is never enough: The need for continuous penetration testing - Help Net Security
CISOs Gain False Confidence in the Calm After the Storm of the Pandemic (darkreading.com)
9 ways hackers will use machine learning to launch attacks | CSO Online
API security warrants its own specific solution - Help Net Security
Cyber Security Courses Ramp Up Amid Shortage of Professionals | SecurityWeek.Com
How Russian sanctions may be helping US cyber security (techtarget.com)
UK Security Practitioners Lack The Confidence To Stop Attacks – Information Security Buzz
How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat? (darkreading.com)
45% of cyber security pros are considering quitting the industry due to stress - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.