Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 26 April 2024
Black Arrow Cyber Threat Intelligence Briefing 26 April 2024:
-Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
-Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
-Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
-Ransomware Double-Dip - Re-Victimisation in Cyber Extortion
-AI is a Major Threat and Many Financial Organisations Are Not Doing Enough to Fight the Threat
-6 out of 10 Businesses Struggle to Manage Cyber Risk
-'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
-Penetration Testing Infrequency Leaves Security Gaps
-Bank Prohibited from Opening New Accounts After Regulators Lose Patience With Poor Cyber Security Governance
-The Psychological Impact of Phishing Attacks on Your Employees
-Where Hackers Find Your Weak Spots
-The Role of Threat Intelligence in Financial Data Protection
-Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.
Sources: [IT Security Guru] [Emerging Risks]
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.
According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.
Sources: [The Hacker News] [Huntress] [SC Media]
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.
Source: [Forbes]
Ransomware Double-Dip: Re-Victimisation in Cyber Extortion
A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.
Sources: [Security Magazine] [The Hacker News] [SC Media]
AI is a Major Threat and Many Financial Organisations Are Not Doing Enough
Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.
Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.
Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]
6 out of 10 Businesses Struggle to Manage Cyber Risk
A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.
Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.
Sources: [PR Newswire] [Beta News]
'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.
Source: [Security Brief] [Tripwire]
Penetration Testing Infrequency Leaves Security Gaps
Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.
The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.
Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.
Source: [MSSP Alert]
Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance
A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.
Source: [The Register]
The Psychological Impact of Phishing Attacks on Your Employees
Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.
Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.
Source: [Beta News]
Where Hackers Find Your Weak Spots
A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.
Source: [Dark Reading]
The Role of Threat Intelligence in Financial Data Protection
The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.
Source: [Security Boulevard]
Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.
Source: [TechRadar] [Security Magazine]
Governance, Risk and Compliance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Six out of 10 businesses struggle to manage cyber risk (betanews.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)
Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar
Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur
Bank banned from opening new accounts over IT risks • The Register
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com
73% of SME security pros missed or ignored critical alerts - Help Net Security
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
4 steps CISOs can take to raise trust in their business | TechTarget
NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)
Uncertainty is the most common driver of noncompliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine
Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)
'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)
Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget
Behavioural patterns of ransomware groups are changing - Help Net Security
Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)
Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)
Hackers use developing countries as testing ground for new ransomware attacks (ft.com)
Ransomware Still On Rise Despite Better Defences, Firm Says - Law360
Hackers are using developing countries for ransomware practice | Ars Technica
Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra
Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)
Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities | CISA
Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)
Ransomware Victims
Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)
UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert
UnitedHealth admits breach could affect large chunk of US • The Register
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)
UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert
UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)
Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week
Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)
Authentication failure blamed for Change Healthcare ransomware attack | CSO Online
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Carpetright unable to trade after cyber attack - Retail Gazette
Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)
Phishing & Email Based Attacks
The psychological impact of phishing attacks on your employees (betanews.com)
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)
BEC
Other Social Engineering
LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)
Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert
Artificial Intelligence
AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra
AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)
CSOs say AI is 'biggest cyber threat' to organisations | TechRadar
Man arrested for 'framing colleague' with AI-generated voice • The Register
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)
People doubt their own ability to spot AI-generated deepfakes - Help Net Security
A National Security Insider Does the Math on the Dangers of AI | WIRED
40% of organisations have AI policies for critical infrastructure | Security Magazine
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
25 cyber security AI stats you should know - Help Net Security
Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard
6 security items that should be in every AI acceptable use policy | CSO Online
'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence
The use of AI in war games could change military strategy (theconversation.com)
2FA/MFA
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Malware
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)
Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Antivirus updates hijacked to drop dangerous malware | TechRadar
Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica
Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)
Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Mobile
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
iPhone password reset attacks are real – how to protect yourself | Mashable
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)
Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET
Data Breaches/Leaks
5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)
Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News
AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)
App bug exposes 1M neighbourhood watchers to data harvesters • The Register
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)
Insider Risk and Insider Threats
Most people still rely on memory or pen and paper for password management - Help Net Security
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch
Insurance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget
Supply Chain and Third Parties
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Cloud/SaaS
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Identity and Access Management
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
Identity-based security threats are growing rapidly: report | CSO Online
Encryption
Europol asks tech firms, governments to get rid of E2EE • The Register
How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)
Australian authorities call for Big Tech help with decryption • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Most people still rely on memory or pen and paper for password management - Help Net Security
New Password Cracking Analysis Targets Bcrypt - Security Week
Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)
Social Media
Dutch govt body: Don't use Facebook if unsure about privacy • The Register
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra
Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)
Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)
A view from Brussels: To be sovereign, or not to be (iapp.org)
Cyber Security | UK Regulatory Outlook April 2024 - Lexology
Net neutrality has been restored in the US - Help Net Security
Models, Frameworks and Standards
Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard
Data Protection
Boost your data protection with insights from Dell's report - SiliconANGLE
A view from Brussels: To be sovereign, or not to be (iapp.org)
Careers, Working in Cyber and Information Security
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard
Addressing the cyber skills shortage: 5 key steps to take | CSO Online
Five Essential Steps To Land Your First Cyber Security Job (forbes.com)
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru
Law Enforcement Action and Take Downs
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Man arrested for 'framing colleague' with AI-generated voice • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)
China
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)
FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)
Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters
New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)
Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ads on .gov.uk websites raise eyebrows over privacy • The Register
Russia
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)
Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)
Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)
Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)
Iran
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)
North Korea
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert
Automated patch management: 9 best practices for success | TechTarget
Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Vulnerabilities
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Google Patches Critical Chrome Vulnerability - Security Week
Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)
Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)
GitHub vulnerability leaks sensitive security reports | TechTarget
New Password Cracking Analysis Targets Bcrypt - Security Week
Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)
Tools and Controls
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert
The Role of Threat Intelligence in Financial Data Protection - Security Boulevard
Automated patch management: 9 best practices for success | TechTarget
Rethinking How You Work with Detection and Response Metrics (darkreading.com)
Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard
Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Explore CASB use cases before you decide to buy | TechTarget
SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek
Identity-based security threats are growing rapidly: report | CSO Online
Microsoft criticized for charging for security add-ons • The Register
5 insights from new Microsoft CNAPP guide | Microsoft Security Blog
The Peril of Badly Secured Network Edge Devices (inforisktoday.com)
VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)
The first steps of establishing your cloud security strategy - Help Net Security
40% of organizations have AI policies for critical infrastructure | Security Magazine
Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)
World´s most advanced cyber defence exercise kicks off in Tallinn
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Reports Published in the Last Week
Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)
Boost your data protection with insights from Dell's report - SiliconANGLE
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Cyber Security in the UK - House of Commons Library (parliament.uk)
Other News
Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)
Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)
UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)
Internet cable at Cali airport cut in apparent sabotage • The Register
EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)
Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)
AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga
Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly
World´s most advanced cyber defence exercise kicks off in Tallinn
Why Cyber Security Is Key To Solving Global Crises (forbes.com)
Colleges spending more than ever on cyber security efforts (insidehighered.com)
Foreign states targeting UK universities, MI5 warns - BBC News
Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)
Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 December 2023
Black Arrow Cyber Threat Intelligence Briefing 08 December 2023:
-Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
-Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says Government
-NCSC CTO Cyber Security is Essential, Not Optional
-69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
-75% of Sports Related Passwords are Reused Across Accounts
-Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
-Ransomware, Vendor Hacks Push Breach Number to Record High
-Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
-Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
-US Government Agency Was Hacked Thanks to 'End of Life' Software
-Digital Transformation, Security Implications, and their Effects on The Modern Workplace
-Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
-Report Reveals Sorry State of Cyber Security at UK Football Clubs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.
When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.
Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]
Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government
The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.
Sources: [BBC News] [ Security Affairs]
NCSC CTO: Cyber Security is Essential, Not Optional
Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.
The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.
Sources: [Infosecurity Magazine] [Dark Reading]
69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.
A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.
Sources: [ITPro] [Beta News] [Security Magazine]
75% of Sports Related Passwords are Reused Across Accounts
According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.
Sources: [Security Magazine] [Help Net Security]
Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.
Sources: [Barrons] [Help Net Security] [Computer Weekly]
Ransomware, Vendor Hacks Push Breach Number to Record High
The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.
Source: [Info Risk Today]
Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.
Sources: [Emerging Risks]
Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.
Source: [Property Industry Eye]
US Government Agency Was Hacked Thanks to 'End of Life' Software
The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.
Source:[ TechCrunch]
Digital Transformation, Security Implications, and their Effects on The Modern Workplace
The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.
Source:[ Forbes]
Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.
Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.
Sources: [Help Net Security]
Report Reveals Sorry State of Cyber Security at UK Football Clubs
A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.
Source: [Computer Weekly]
Governance, Risk and Compliance
A fifth of UK businesses victims of cyber attacks in past year - Insurance Age
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
Digital Transformation And Its Effects On The Modern Workplace (forbes.com)
UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)
Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar
Cyber and remote working: How Covid moved the cursor | Computer Weekly
Why effective cyber security is more important than ever for European family offices | Campden FB
Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal
Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)
Threats
Ransomware, Extortion and Destructive Attacks
69% of organisations facing ransomware attacks paid the ransom | Security Magazine
2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly
Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)
Ransomware attack costs are driving up inflation in the UK | ITPro
Ransomware ramped up against private sector in November | TechTarget
BlackCat threatens to directly extort vendor's customers • The Register
New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)
How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
Expert warns of Turtle macOS ransomware (securityaffairs.com)
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)
Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)
LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Ransomware Victims
60 US credit unions offline after cloud ransomware infection • The Register
'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)
Western Isles Council 'counting cost' of November's cyber attack - BBC News
Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)
Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media
Phishing & Email Based Attacks
Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)
US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)
Booking.com users angry at firm's response to hacks - BBC News
Hershey warns of data breach following phishing attack (therecord.media)
This huge Russian phishing campaign is hitting targets across the world | TechRadar
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Exploring the impact of generative AI in the 2024 presidential election - Help Net Security
Put guardrails around AI use to protect your org, but be open to changes - Help Net Security
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security
Malware
Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)
Mac users are being targeted again with dangerous malware - here's what to know | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)
Hackers switch from email attacks to downloads (therecord.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Mobile
Android users warned about new threat after one victim loses $280K - PhoneArena
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek
Top mobile password managers could be exposing user details | TechRadar
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)
Data Breaches/Leaks
23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)
23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Data breach debacle hits yet another UK public sector org • The Register
Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)
Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)
Hershey warns of data breach following phishing attack (therecord.media)
Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)
GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Organised Crime & Criminal Actors
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)
Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)
Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra
Supply Chain and Third Parties
Third-party breaches shake the foundations of the energy sector - Help Net Security
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
60 US credit unions offline after cloud ransomware infection • The Register
Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
BlackCat threatens to directly extort vendor's customers • The Register
Cloud/SaaS
60 US credit unions offline after cloud ransomware infection • The Register
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Encryption
Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)
HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Linux and Open Source
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Passwords, Credential Stuffing & Brute Force Attacks
75% of sports-related passwords are reused across accounts | Security Magazine
New Relic admits attack on staging systems, user accounts • The Register
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
Top mobile password managers could be exposing user details | TechRadar
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor
Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)
UK government denies China/Russia nuke plant hack claim • The Register
Russia
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News
NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)
2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)
Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)
Fancy Bear goes phishing in US, European high-value networks • The Register
This huge Russian phishing campaign is hitting targets across the world | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
Iran
Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek
US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg
North Korea
Vulnerability Management
CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Key drivers of software security for financial services - Help Net Security
Vulnerabilities
Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)
Quick: Update iPhones and Macs – WebKit security hole found • The Register
VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek
Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)
Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop
Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek
Tools and Controls
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How to recover systems in the event of a cyber attack | Computer Weekly
How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)
How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget
Why you should create a physical security standard for your company (securitybrief.co.nz)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek
Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online
Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia
Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)
When Should You Replace A Cyber Security Vendor? (forbes.com)
Are companies falling behind on cyber security awareness training? | CTV News
Other News
NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review
Ofcom publishes UK age verification proposals • The Register
Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek
US aerospace companies are facing dangerous new cyber attacks | TechRadar
Report reveals sorry state of cyber security at UK football clubs | Computer Weekly
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)
Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)
The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag
Public sector has misplaced confidence in cyber security (securitybrief.co.nz)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 June 2022
Black Arrow Cyber Threat Briefing 24 June 2022:
-The NCSC Sets Out the UK’s Cyber Threat Landscape
-We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
-5 Social Engineering Assumptions That Are Wrong
-Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
-Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
-Cloud Email Threats Soar 101% in a Year
-80% of Firms Suffered Identity-Related Breaches in Last 12 Months
-After Being Breached Once, Many Companies Are Likely to Be Hit Again
-Do You Have Ransomware Insurance? Look at the Fine Print
-The Price of Stolen Info: Everything on Sale On The Dark Web
-How Companies Are Prioritizing Infosec and Compliance
-Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The NCSC Sets Out the UK’s Cyber Threat Landscape
The current state of the UK’s cyber threat landscape was outlined by the National Cyber Security Centre (NCSC), during a keynote address on the final day of Infosecurity Europe 2022.
They described the cyber threats posed by nation-states, particularly Russia and China. Russia remains “one of the world’s most prolific cyber actors and dedicates significant resources to conducting cyber operations across the globe.” The NCSC and international partner organisations have attributed a number of high-profile attacks related to the conflict to Russian state actors, including the Viasat incident on the eve of the invasion of Ukraine on February 24. Therefore, the NCSC recommends that organisations prepare for a dynamic situation that is liable to change rapidly.
The NCSC emphasised that a more significant long-term threat comes from China, citing GCHQ director Jeremy Fleming’s assertion that “Russia is affecting the weather, but China is shaping the climate.” She described the nation’s “highly sophisticated” activities in cyberspace, born out of its “increasing ambitions to project its influence beyond its borders.” This includes a keen interest in the UK’s commercial secrets.
In addition to nation-state attacks, the NCSC noted that cyber crime is continuing to rise, with ransomware a continuing concern. Attacks are expected to grow in scale, with threat actors likely to increasingly target managed service providers (MSPs) to gain access to a wider range of targets. More generally, cyber capabilities will become more commoditised over the next few years, meaning they are increasingly available to a larger group of would-be attackers who are willing to pay.
https://www.infosecurity-magazine.com/news/ncsc-uk-cyber-threat-landscape/
We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
Increasingly cyber crime rings tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between in facilitating that, simply exfiltrating the data and demanding a fee to not leak it all is just as effective. This shift has been ongoing for many months, and is now virtually unavoidable.
The FBI and CISA this month warned about a lesser-known extortion gang called Karakurt, which demands ransoms as high as $13 million. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom. Instead, the crooks claim to have stolen data, with screenshots or copies of exfiltrated files as proof, and they threaten to sell it or leak it publicly if they don't receive a payment.
Some of these thieves offer discounted ransoms to corporations to encourage them to pay sooner, with the demanded payment getting larger the longer it takes to cough up the cash (or Bitcoin, as the case may be).
Additionally, some crime groups offer sliding-scale payment systems. So you pay for what you get, and depending on the amount of ransom paid you get a control panel, you get customer support, you get all of the tools you need."
https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/
5 Social Engineering Assumptions That Are Wrong
Social engineering is involved in the vast majority of cyber attacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.
Threat actors don’t have conversations with targets.
Legitimate services are safe from social engineering abuse.
Attackers only use computers, not telephones.
Replying to existing email conversations is safe.
Fraudsters only use business-related content as lures.
Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s Vice-President Threat Research and Detection, stated that the vendor has attempted to debunk faulty assumptions made by organisations and security teams so they can better protect employees against cyber crime. “Despite defenders’ best efforts, cyber criminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritised bolstering defences around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviours and interests.”
Indeed, cyber criminals will go to creative and occasionally unusual lengths to carry out social engineering campaigns, making it more difficult for users to avoid falling victim to them.
Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.
Gartner kicked off its Security & Risk Management Summit with the release of its analysts' assessments of the work ahead, which Richard Addiscott, the company's senior director analyst, discussed during his opening keynote address.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”
Topping Gartner's list of eight predictions is a rise in the government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and, troublingly, the prediction that by 2025 threat actors will likely have figured out how to "weaponise operational technology environments successfully to cause human casualties”, the cyber security report said.
Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
There are certain types of data that criminals target the most, according to an analysis of attacks.
Data theft and extortion has become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn't received.
These so-called double extortion attacks have become an effective tool in the arsenal of ransomware gangs, who leverage them to force victims to pay up, even in cases where data could be restored from offline backups, because the threat of sensitive information being published is too great.
Any stolen data is potentially useful to ransomware gangs, but according to analysis by researchers at cyber security company Rapid7, of 161 disclosed ransomware incidents where data was published, some data is seen as more valuable than others.
According to the report, financial services is the sector that is most likely to have customer data exposed, with 82% of incidents involving ransomware gangs accessing and making threats to release this data. Stealing and publishing sensitive customer information would undermine consumer trust in financial services organisations: while being hacked in the first place would be damaging enough, some business leaders might view paying a ransom to avoid further damage caused by data leaks to be worth it.
The second most-leaked type of file in ransomware attacks against financial services firms, featuring in 59% of disclosures from victims, is employee personally identifiable information (PII) and data related to human resources.
Cloud Email Threats Soar 101% in a Year
The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.
The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.
Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.
The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.
Many users don’t realise that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.
https://www.infosecurity-magazine.com/news/cloud-email-threats-soar-101-in-a/
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.
In a survey of IT and identity professionals from Dimensional Research, almost every organisation — 98% — experienced rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.
The number and complexity of identities organisations are having to manage and secure is increasing. Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts.
For the most part, organisations focus on employee identities, which 70% consider to be the most likely to be breached and 58% believe to have the greatest impact, according to the 2022 "Trends in Securing Digital Identities" report based on the survey. Yet third-party partners and business customers are significant sources of risk as well, with 35% and 25% of respondents considering those to be a major source of breaches, respectively.
https://www.darkreading.com/operations/identity-related-breaches-last-12-months
After Being Breached Once, Many Companies Are Likely to Be Hit Again
Cymulate announced the results of a survey, revealing that two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year.
Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government, also highlighted larger companies hit by cyber crime are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.
Other highlights
40% of respondents admitted to being breached over the past 12 months.
After being breached once, statistics showed they were more likely to be hit again than not (66%).
Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.
Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).
22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyber attack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.
29% of attacks come from insider threats – intentionally or unintentionally.
Leadership and cyber security teams who meet regularly to discuss risk reduction are more cyber security-ready – those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.
https://www.helpnetsecurity.com/2022/06/21/companies-hit-by-cybercrime/
Do You Have Ransomware Insurance? Look at the Fine Print
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.
In recent years, ransomware insurance has grown as a product field because organisations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organisation, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages.
Ransomware attacks are notoriously difficult to protect against completely. Like any other potentially catastrophic event, insurers stepped in to offer an insurance product. In exchange for a premium, insurers promise to cover many of the damages resulting from a ransomware attack.
Depending on the policy, a ransomware policy could cover loss of income if the attack disrupts operations, or loss of valuable data, if data is erased due to the ransomware event. A policy may also cover you for extortion – in others, it will refund the ransom demanded by the criminal.
The exact payout and terms will of course be defined in the policy document, also called the "fine print." Critically, fine print also contains exclusions, in other words circumstances under which the policy won't pay out. And therein lies the problem.
https://thehackernews.com/2022/06/do-you-have-ransomware-insurance-look.html
The Price of Stolen Info: Everything on Sale on The Dark Web
What is the price for personal information, including credit cards and bank accounts, on the dark web?
Privacy Affairs researchers concluded that criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.
Access to other information is becoming even cheaper. The Dark Web Price Index 2022 – based on data scanning dark web marketplaces, forums, and websites, revealed:
Credit card details and associated information cost between $17-$120
Online banking login information costs $45
Hacked Facebook accounts cost $45
Cloned VISA with PIN cost $20
Stolen PayPal account details, with minimum $1000 balances, cost $20.
In December 2021, about 4.5 million credit cards went up for sale on the dark web, the study found. The average price ranged from $1-$20.
Scammers can buy full credit card details, including CVV number, card number, associated dates, and even the email, physical address and phone number. This enables them to penetrate the credit card processing chain, overriding any security countermeasures.
https://www.helpnetsecurity.com/2022/06/22/stolen-info-sale-dark-web/
How Companies Are Prioritising Infosec and Compliance
New research conducted by Enterprise Management Associates (EMA), examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritise information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organisation, and the solutions and tools on which organisations are focusing their technology spending.
The findings cover three critical areas of an organisation’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.
One key takeaway is that merging security and compliance priorities addresses regulatory control gaps while improving the organisation’s security posture. Respondents revealed insights on how they handle compliance, who is responsible for compliance and security responsibilities, and what compliance-related security challenges organisations face.
Additional findings:
Companies found the need to shift their information security strategy to address compliance priorities (93%).
Information security and IT compliance priorities are generally aligned (89%).
Existing security tools have to address data privacy considerations going forward (76%).
Managing an organisation’s multiple IT environments and the controls that govern those environments is the greatest challenge in the IT audit and compliance space (39%).
https://www.helpnetsecurity.com/2022/06/24/companies-infosec-compliance-priorities/
Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
A US Government watchdog has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks — leaving businesses facing “catastrophic financial loss” unless another insurance model can be found.
The growing challenge of covering cyber risk is outlined in a new report from the Government Accountability Office (GAO), which calls for a government assessment of whether a federal cyber insurance option is needed.
The report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice, to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.
Citing an annual threat assessment released by the ODNI, the report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure — along with certain non-state actors like organised cyber criminal gangs.
Given the wide and increasingly skilled range of actors willing to target US entities, the number of cyber incidents is rising at an alarming rate.
Threats
Ransomware
Attackers exploited a Mitel VOIP zero-day to compromise a network Security Affairs
Chinese hackers use ransomware as decoy for cyber espionage (bleepingcomputer.com)
If you don't store valuable data, ransomware is impotent • The Register
Ransomware-as-a-Service: Learn to Enhance Cyber security Approaches (analyticsinsight.net)
Mitigate Ransomware in a Remote-First World (thehackernews.com)
Delivery Firm Yodel Scrambling to Restore Operations Following Cyber attack | SecurityWeek.Com
Black Basta Ransomware Becomes Major Threat in Two Months | SecurityWeek.Com
These hackers are spreading ransomware as a distraction - to hide their cyber spying | ZDNet
Conti ransomware hacking spree breaches over 40 orgs in a month (bleepingcomputer.com)
Conti effectively created an extortion-oriented IT company, says Group-IB - Help Net Security
Conti ransomware finally shuts down data leak, negotiation sites (bleepingcomputer.com)
Conti ransomware group's pulse stops, but did it fake its own death? | Malwarebytes Labs
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks (darkreading.com)
Cyber attack: Gloucester council services still not back to normal - BBC News
Phishing & Email Based Attacks
Your email is a major source of security risks and it's getting worse | ZDNet
New Phishing Attack Infects Devices with Cobalt Strike- IT Security Guru
Voicemail phishing emails steal Microsoft credentials • The Register
The Risk of Multichannel Phishing Is on the Horizon (darkreading.com)
Cops arrests nine suspected of stealing millions via email • The Register
Cyber criminals Use Azure Front Door in Phishing Attacks - Security Affairs
Microsoft Exchange servers hacked by new ToddyCat APT gang (bleepingcomputer.com)
Cyber attackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign (darkreading.com)
Other Social Engineering
Proofpoint: Social engineering attacks slipping past users (techtarget.com)
Inside a large-scale phishing campaign targeting millions of Facebook users - Help Net Security
Malware
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (thehackernews.com)
Organisations Battling Phishing Malware, Viruses the Most (darkreading.com)
This Linux botnet has found a novel way of spreading to new devices | ZDNet
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (thehackernews.com)
NSA warns against silly mistake in the fight against Windows malware | TechRadar
Mobile
This Android malware is so dangerous, even Google is worried | TechRadar
Google is notifying Android users targeted by Hermit government-grade spyware | TechCrunch
This phone-wiping Android banking trojan is getting nastier | ZDNet
BRATA Android Malware Group Now Classified As Advanced Persistent Threat - Infosecurity Magazine
Spurred by Roe overturn, senators seek FTC probe of iOS and Android tracking | Ars Technica
Internet of Things – IoT
Data Breaches/Leaks
US Bank Data Breach Impacts Over 1.5 Million Customers - Infosecurity Magazine
CafePress fined $500,000 for breach affecting 23 million users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers steal $100 million from California cryptocurrency firm - CNN
DARPA study finds blockchain not as decentralised as assumed • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Cloud/SaaS
Microsoft 365 Users in US Face Raging Spate of Attacks (darkreading.com)
Getting a Better Handle on Identity Management in the Cloud (darkreading.com)
Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (thehackernews.com)
Identity and Access Management
Risky behaviour reduced when executives put focus on identity security - Help Net Security
Access management issues may create security holes (techtarget.com)
IAM Research: Inadequate Programs Leave Organisations Open to Cyber Attacks - MSSP Alert
Why 84% Of US Firms Hit With Identity-Related Breaches In 2021 – Information Security Buzz
Open Source
Open-source software risks persist, according to new reports | CSO Online
Less Than Half of Organisations Have Open Source Security Policy - Infosecurity Magazine
Blind trust in open source security is hurting us: Report | ZDNet
Training, Education and Awareness
Privacy
Privacy-focused Brave Search grew by 5,000% in a year (bleepingcomputer.com)
Supreme Court's Roe v. Wade reversal sparks calls for strengthening privacy - CyberScoop
Regulations, Fines and Legislation
Do Privacy and Data Protection Regulations Create as Many Problems as They Solve? | SecurityWeek.Com
Law Enforcement Action and Take Downs
Phishing gang behind millions in losses dismantled by police (bleepingcomputer.com)
Euro Police Target Crime Groups Grooming Ukrainian Refugees Online - Infosecurity Magazine
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies | SecurityWeek.Com
Italian spyware firm is hacking into iOS and Android devices, Google says | Computerworld
NSO claims 'more than 5' EU states used its Pegasus spyware • The Register
#InfosecurityEurope2022: Geopolitical Tensions a “Danger” to Cyber security - Infosecurity Magazine
Examples of Cyber Warfare #TrendTalksBizSec (trendmicro.com)
Ukraine deploys a DDoS protection service to survive the cyberwar | VentureBeat
Lithuania warns of rise in DDoS attacks against government sites (bleepingcomputer.com)
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign (darkreading.com)
Ukrainian cyber security officials disclose two new hacking campaigns - IT Security Guru
Scalper bots out of control in Israel, selling state appointments (bleepingcomputer.com)
Research questions potentially dangerous implications of Ukraine's IT Army - CyberScoop
Lithuania under cyber-attack after ban on Russian railway goodsSecurity Affairs
Nation State Actors
Nation State Actors – Russia
Russia Steps Up Cyber-Espionage Against Ukraine Allies - Infosecurity Magazine
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug | Threatpost
Russian APT28 hacker accused of the NATO think tank hack in Germany - Security Affairs
Russia fines Google for spreading ‘unreliable’ info defaming its army (bleepingcomputer.com)
Nation State Actors – China
Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage | SecurityWeek.Com
Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor - Security Affairs
Chinese hackers target script kiddies with info-stealer trojan (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
Cisco warns of security holes in its security appliances • The Register
Google Patches 14 Vulnerabilities With Release of Chrome 103 | SecurityWeek.Com
Cisco will not address critical RCE in end-of-life Small Business RV routers - Security Affairs
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild - Security Affairs
Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware - Security Affairs
Researchers criticize Oracle's vulnerability disclosure process (techtarget.com)
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (thehackernews.com)
Sector Specific
Financial Services Sector
Flagstar Bank discloses data breach impacting 1.5 million customers (bleepingcomputer.com)
7 Cyber security Best Practices for Financial Services Firms - MSSP Alert
Why Financial Institutions Must Double Down on Open Source Investments (darkreading.com)
SMBs – Small and Medium Businesses
How tool sprawl is becoming a common issue for SMEs - Help Net Security
Middle market companies under attack: Threats coming from all directions - Help Net Security
#InfosecurityEurope2022: How Should SMEs Defend Against Cyber-Risks? - Infosecurity Magazine
Legal
Health/Medical/Pharma Sector
Retail/eCommerce
Magecart attacks are still around. And they are becoming more stealthy | ZDNet
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign- IT Security Guru
Manufacturing
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Threat Intelligence Services Are Universally Valued by IT Staff (darkreading.com)
Security pros increasingly plan to adopt MDR services in the next 12 months - Help Net Security
Board members and the C-suite need secure communication tools - Help Net Security
Adobe Acrobat may block antivirus tools from monitoring PDF files (bleepingcomputer.com)
7 Ways to Avoid Worst-Case Cyber Scenarios (darkreading.com)
3 threats dirty data poses to the enterprise (techtarget.com)
Data recovery depends on how good your backup strategy is - Help Net Security
Unsecured APIs Could Be Costing Firms $75bn Per Year - Infosecurity Magazine
The Rise, Fall, and Rebirth of the Presumption of Compromise (darkreading.com)
#InfosecurityEurope2022: Are You Prepared For The Next Big Crisis? - Infosecurity Magazine
Ongoing PowerShell security threats prompt a call to action (techtarget.com)
Despite known security issues, VPN usage continues to thrive - Help Net Security
Space-based assets aren’t immune to cyber attacks | CSO Online
Cyber security expert on how $13K of fuel was stolen from station (wtvr.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 April 2022
Black Arrow Cyber Threat Briefing 08 April 2022
-Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"
-New Android Banking Malware Remotely Takes Control of Your Device
-Network Intrusion Detections Skyrocketing
-Organisations Underestimating the Seriousness Of Insider Threats
-Watch Out For Phishing Emails From Genuine Mailing Lists, Following Mailchimp Hack
-SpringShell Attacks Target About One in Six Vulnerable Orgs
-New Threat Group Underscores Mounting Concerns Over Russian Cyber Threats
-Consumer Fraud Tripled in The Last Two Years
-Borat RAT: Multiple Threat of Ransomware, DDoS and Spyware
-Bank Had No Firewall License, Intrusion or Phishing Protection – Guess The Rest
-Global APT Groups Use Ukraine War for Phishing Lures
-Paying Ransom Doesn’t Guarantee Data Recovery
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"
CyberEdge Group, a leading research and marketing firm serving the cyber security industry’s top vendors, announced the launch of its ninth annual Cyberthreat Defense Report (CDR). The award-winning CDR is the standard for assessing organisations’ security posture, gauging perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.
A record 71% of organisations were impacted by successful ransomware attacks last year, according to the 2022 CDR, up from 55% in 2017. Of those that were victimised, nearly two-thirds (63%) paid the requested ransom, up from 39% in 2017.
New Android Banking Malware Remotely Takes Control of Your Device
A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.
Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cyber crime space and had its source code leaked in 2018.
The new variant has been discovered by researchers at ThreatFabric, who observed several users looking to purchase it on darknet forums.
Network Intrusion Detections Skyrocketing
A WatchGuard report shows a record number of evasive network malware detections with advanced threats increasing by 33%, indicating a higher level of zero day threats than ever before.
Researchers detected malware threats in EMEA at a much higher rate than other regions of the world in Q4 2021, with malware detections per Firebox at 49%, compared to Americas at 23% and APAC at 29%. The trajectory of network intrusion detections also continued its upward climb with the largest total detections of any quarter in the last three years and a 39% increase quarter over quarter.
Researchers suggest that this may be due to the continued targeting of old vulnerabilities as well as the growth in organisations’ networks. As new devices come online and old vulnerabilities remain unpatched, network security is becoming more complex.
https://www.helpnetsecurity.com/2022/04/08/network-malware-detections/
Organisations Underestimating the Seriousness of Insider Threats
Imperva releases data that shows organisations are failing to address the issue of insider threats during a time when the risk is at its greatest.
New research, conducted by Forrester, found that 59% of incidents in EMEA organisations that negatively impacted sensitive data in the last 12 months were caused by insider threats, and yet 59% do not prioritise insider threats the way they prioritise external threats. Despite the fact that insider events occur more often than external ones, they receive lower levels of investment.
This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher. The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats.
Further, the Great Resignation is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, because they are disgruntled and want revenge, or it could be taken unintentionally when a careless employee leaves the business with important information.
https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/
Watch Out for Phishing Emails from Genuine Mailing Lists, Following Mailchimp Hack
A Mailchimp hack means that you’ll want to be even more vigilant than usual about phishing emails. Attackers have taken a clever approach to making their emails appear genuine …
When you subscribe to an email list, there’s a decent chance that the emails you received are actually sent by a company called Mailchimp, rather than directly by the company itself. Mailchimp offers companies a range of tools that make it easy to manage email databases, and send marketing emails and newsletters.
Hackers managed to gain access to more than 100 Mailchimp customer accounts, giving them the ability to send emails that would appear to have come from any one of those businesses.
Users will need to be more vigilant when receiving emails and avoid clicking on links in emails, even if they appear genuine.
https://9to5mac.com/2022/04/05/mailchimp-hack-phishing-alert/
SpringShell Attacks Target About One in Six Vulnerable Orgs
Roughly one out of six organisations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cyber security company.
The exploitation attempts took place in the first four days since the disclosure of the severe remote code execution (RCE) flaw, tracked as CVE-2022-22965, and the associated exploit code.
According to Check Point, who compiled the report based on their telemetry data, 37,000 Spring4Shell attacks were detected over the past weekend alone.
New Threat Group Underscores Mounting Concerns Over Russian Cyber Threats
Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyber attacks might target the West.
As fears mount over the prospects of a “cyberwar” initiated by the Russian government, the number of identified Russian threat actors also continues to climb. Last week CrowdStrike publicly revealed a Russia-nexus state-sponsored actor that it tracks as Ember Bear.
CrowdStrike says that Ember Bear (also known as UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is likely an intelligence-gathering adversary group that has operated against government and military organisations in eastern Europe since early 2021. The group seems “motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations,” according to CrowdStrike intelligence.
Despite its state-sponsored Russia nexus, Ember Bear differs from its better-known kin such as Fancy Bear or Voodoo Bear because CrowdStrike can’t tie it to a specific Russian organisation. Its target profile, assessed intent, and technical tactics, techniques, and procedures (TTPs) are consistent with other Russian GRU cyber operations.
Consumer Fraud Tripled in The Last Two Years
Reported cases of consumer fraud more than tripled in the years 2020-2021 from prior years, finds a new report by Accenture, presenting a growing challenge for public safety agencies to find new strategies to counter the trend.
The report compiled data from eight developed nations (Australia, Canada, France, Germany, Italy, Singapore, the United Kingdom, and the United States) on consumer fraud, defined as any fraud directly targeting citizens and excluding fraud targeting government agencies and companies. Reports of such fraud increased at an estimated 6.8% rate annually during 2013-2019 and then increased to a 22.5% annual growth rate yearly during 2020-2021 in parallel with the large shift of workers and consumers to digital channels and greater use of technology during the pandemic.
https://www.helpnetsecurity.com/2022/04/08/consumer-fraud-tripled/
Borat RAT: Multiple Threat of Ransomware, DDoS and Spyware
A new remote access trojan (RAT) dubbed "Borat" doesn't come with many laughs but offers bad actors a menu of cyberthreats to choose from.
RATs are typically used by cyber criminals to get full control of a victim's system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features to enable hackers to run ransomware, distributed denial of service attacks (DDoS) and other online assaults and to install spyware, according to researchers at cyber security biz Cyble.
"The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers.
Borat – named after the character made famous by actor Sacha Baron Cohen in two comedy films – comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.
https://www.theregister.com/2022/04/04/borat-rat-ransomware-ddos/
Bank Had No Firewall License, Intrusion or Phishing Protection – Guess the Rest
An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.
The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 branches and just under $400 million of deposits make it one of India's smaller banks.
It certainly thinks small about security – at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021. At least one of those mails succeeded in fooling staff, resulting in the installation of a Remote Access Trojan (RAT).
Another technology the bank had chosen not to adopt was virtual LANs, so once the RAT went to work the attackers gained entry to the Bank's systems and were able to roam widely – even in its core banking application
https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/
Global APT Groups Use Ukraine War for Phishing Lures
Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links.
Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.
The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war.
One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.”
Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point.
One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war.
https://www.infosecurity-magazine.com/news/global-apt-ukraine-war-phishing/
Paying Ransom Doesn’t Guarantee Data Recovery
OwnBackup announced the findings of a global survey conducted by Enterprise Strategy Group (ESG) that reveals a staggering 79% of respondent organisations have been targeted by ransomware within the past 12 months. Of those organisations, nearly three quarters said the attack was successful, meaning that it disrupted business operations.
Other key findings
· Of the respondents that said their organisation paid a cyber ransom to regain access to data, applications, and/or systems after an attack, only 14% were able to recover all of their data.
· 87% of respondents who made ransom payments said that they experienced additional extortion attempts beyond the initial ransomware demand.
· 31% of respondent organisations targeted by ransomware indicated that application user and permission misconfigurations were the initial point of compromise.
· 87% of respondents are very or somewhat concerned about their backups being infected by ransomware attacks.
https://www.helpnetsecurity.com/2022/04/07/organizations-targeted-by-ransomware/
Threats
Ransomware
March Ransomware Attacks Strike Finance, Government Targets (techtarget.com)
Why Paying The Ransom Isn’t The Answer For Ransomware Victims - Information Security Buzz
Companies Are More Prepared to Pay Ransoms Than Ever Before (tripwire.com)
Conti Ransomware Deployed in IcedID Banking Trojan Attack (techtarget.com)
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (thehackernews.com)
Notorious Hacking Group FIN7 Adds Ransomware to Its Repertoire - CyberScoop
BlackCat Purveyor Shows Ransomware Operators Have 9 Lives (darkreading.com)
FIN7 Hackers Evolve Toolset, Work with Multiple Ransomware Gangs (bleepingcomputer.com)
LockBit Ransomware Attack Costs CRM Services Provider Over $42 Million - MSSP Alert
Snap-on Discloses Data Breach Claimed by Conti Ransomware Gang (bleepingcomputer.com)
Phishing & Email Based Attacks
Other Social Engineering
Malware
Borat RAT Malware: A 'Unique' Triple Threat That Is Far from Funny | ZDNet
Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware (thehackernews.com)
Malicious Web Redirect Service Infects 16,500 Sites to Push Malware (bleepingcomputer.com)
Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (thehackernews.com)
Mobile
44 Vulnerabilities Patched in Android With April 2022 Security Updates | SecurityWeek.Com
Samsung Security Flaw Left Phones Exposed for Years (androidpolice.com)
SharkBot Android Malware Continues Popping Up on Google Play | SecurityWeek.Com
Android Apps With 45 Million Installs Used Data Harvesting SDK (bleepingcomputer.com)
New Android Spyware Uses Turla-Linked Infrastructure | SecurityWeek.Com
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Crypto 2022: Hackers Have Nabbed $1.22 Billion Already (yahoo.com)
Malicious Crypto Miners Can Make A Profit In A Few Hours - Help Net Security
Malicious Actors Targeting the Cloud For Cryptocurrency-Mining Activities - Help Net Security
Cryptocurrency-Mining AWS Lambda-Specific Malware Spotted • The Register
MailChimp Breached, Intruders Conducted Phishing Attacks Against Crypto Customers - Security Affairs
Turkey Seeks 40,000-Year Sentences for Alleged Cryptocurrency Exit Scammers | ZDNet
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Traditional Identity Fraud Losses Soar, Totalling $52 Billion in 2021 - Help Net Security
South African and US Officers Swoop on Fraud Gang - Infosecurity Magazine
Insurance
Supply Chain
Cloud
The Importance of Understanding Cloud Native Security Risks - Help Net Security
15 Cyber Security Measures for the Cloud Era - Security Affairs
Privacy
How You’re Still Being Tracked on the Internet - The New York Times (nytimes.com)
Using Google's Chrome Browser? This New Feature Will Help You Fix Your Security Settings | ZDNet
Passwords & Credential Stuffing
Travel
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Nation State Actors – Russia
The Russian Cyber Attack Threat Might Force a New IT Stance | Computerworld
FBI Operation Aims to Take Down Massive Russian GRU Botnet | TechCrunch
Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine (darkreading.com)
FBI Disrupts Russian Military Hackers, Preventing Botnet Amid Ukraine War | Fox News
Russia (still) Trying To Weaponize Facebook Amid Ukraine War • The Register
Nation State Actors – China
Symantec: Chinese APT Group Targeting Global MSPs | SecurityWeek.Com
Chinese Hackers Are Using VLC Media Player to Launch Malware Attacks (androidpolice.com)
Hacked: Inside the US-China Cyberwar | Cybersecurity | Al Jazeera
China Uses AI Software to Improve Its Surveillance Capabilities | Reuters
Nation State Actors – Misc
Vulnerabilities
CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (thehackernews.com)
Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug (bleepingcomputer.com)
A Vulnerability in Zyxel Firewall Could Allow for Authentication Bypass (cisecurity.org)
Spring4Shell Patching Is Going Slow but Risk Not Comparable To Log4Shell | CSO Online
Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego | SecurityWeek.Com
A Mirai-Based Botnet Is Exploiting the Spring4Shell Vulnerability - Security Affairs
Steady Rise in Severe Web Vulnerabilities - Help Net Security
ACF WordPress Plugin Vulnerability Affects Up To +2 Million Sites (searchenginejournal.com)
Zero Days Are for Life, Not Just For Christmas. Here’s How to Deal With Them • The Register
Sector Specific
Financial Services Sector
FinTech
Health/Medical/Pharma Sector
Manufacturing
CNI, OT, ICS, IIoT and SCADA
Europe Warned About Cyber Threat to Industrial Infrastructure | SecurityWeek.Com
BlackCat Ransomware Targets Industrial Companies | SecurityWeek.Com
Energy & Utilities
Reports Published in the Last Week
Other News
Okta CEO Says Lapsus$ Hack is 'Big Deal,' Aims to Restore Trust (yahoo.com)
86% of Developers Don't Prioritise Application Security - Help Net Security
Digital Transformation Requires Security Intelligence - Help Net Security
Government Officials: AI Threat Detection Still Needs Humans (techtarget.com)
The Original APT: Advanced Persistent Teenagers – Krebs on Security
How Many Steps Does It Take for Attackers To Compromise Critical Assets? - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.