Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 April 2024
Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:
-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
-Ransomware Incidents Reported to UK Financial Regulator Doubled
-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
-AI Abuse and Misinformation Campaigns Threaten Financial Institutions
-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
-AI Makes Phishing Attacks Accessible to Basic Users
-Cyber Attacks Wreaking Physical Disruption on the Rise
-73% Brace for Cyber Security Impact on Business in Next Two Years
-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
-Cyber Security Imperative for Protecting Executives
-The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.
Sources: [Help Net Security ] [Dark Reading]
Ransomware Incidents Reported to UK Financial Regulator Doubled
The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.
Sources: [Digital Journal] [Digital Journal]
Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.
A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.
To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.
Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]
Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.
The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.
Sources: [Infosecurity Magazine] [Infosecurity Magazine]
AI Abuse and Misinformation Campaigns Threaten Financial Institutions
According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.
Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”
Source: [Help Net Security]
Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.
Source: [CSO Online]
AI Makes Phishing Attacks Accessible to Basic Users
One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.
Source: [The Economic Times]
Cyber Attacks Wreaking Physical Disruption on the Rise
According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.
Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.
Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.
Source: [Dark Reading]
73% Brace for Cyber Security Impact on Business in Next Two Years
A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.
Source: [Help Net Security]
To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.
Source: [IBTimes]
Cyber Security Imperative for Protecting Executives
The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.
Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.
Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.
Source: [Forbes]
The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.
Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.
Source: [JDSupra]
Governance, Risk and Compliance
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Security teams are ‘overconfident’ about handling next-gen threats | CSO Online
Banks told to expand risk management to cover AI (finextra.com)
Corporations With Cyber Governance Create 4X More Value (darkreading.com)
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
73% brace for cyber security impact on business in the next year or two - Help Net Security
Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)
Why your data isn’t as safe as you think and what it could cost you - IT Security Guru
Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)
Businesses must prioritise prevention to lock out online threats (yahoo.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Lessons from the World's Costliest Corporate Cyber Attacks - Management Today
Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)
Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)
Instilling the Hacker Mindset Organisationwide (darkreading.com)
How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Cyber security incidences surge in the UK financial services sector - Digital Journal
Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Ransomware Victims
Ransomware attacks ravaged municipal governments in March | TechTarget
NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security
Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Ransomware gang leaks UK city council’s confidential files • The Register
Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)
World’s second-largest lens-maker blinded by cyber incident • The Register
Phishing & Email Based Attacks
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)
A phish by any other name should still not be clicked – Computerworld
Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)
Microsoft Teams phishing attacks and how to prevent them | TechTarget
Artificial Intelligence
Banks told to expand risk management to cover AI (finextra.com)
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
22% of employees admit to breaching company rules with GenAI - Help Net Security
6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)
Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech
Microsoft GM on AI and elections: 'There will be fakes' • The Register
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
Security and AI occupy SME thoughts | Microscope (computerweekly.com)
Malware
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Detecting Windows-based Malware Through Better Visibility (thehackernews.com)
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)
Thousands of Australian Businesses Targeted With RAT (darkreading.com)
Mobile
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW
Location tracking and the battle for digital privacy - Help Net Security
How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution
UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times
Data Breaches/Leaks
Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)
Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop
Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)
Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week
Nearly 1M medical records feared stolen from City of Hope • The Register
SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)
Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR
PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)
OWASP discloses breach due to a Wiki web server misconfig • The Register
US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)
Organised Crime & Criminal Actors
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Rise of non-tech hackers: new era of cyber threats - VnExpress International
India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters
Cyber criminal adoption of browser fingerprinting - Help Net Security
With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Insider Risk and Insider Threats
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Insurance
Can cyber insurance help secure business? | Mint (livemint.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Cloud/SaaS
How much does cloud-based identity expand your attack surface? - Help Net Security
Who owns your data? SaaS contract security, privacy red flags | CSO Online
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Identity and Access Management
Linux and Open Source
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)
Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)
A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)
What we know about the xz Utils backdoor that almost infected the world | Ars Technica
Malicious xz backdoor reveals fragility of open source • The Register
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
German state switches to LibreOffice, promises Windows move • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)
Social Media
WhatsApp was down in Meta’s second big outage this year | TechCrunch
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
Malvertising
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)
Training, Education and Awareness
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Regulations, Fines and Legislation
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)
6 business benefits of data protection and GDPR compliance | TechTarget
Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Models, Frameworks and Standards
Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra
NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)
Are businesses prepared for the CSF 2.0 challenge? - Digital Journal
Backup and Recovery
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Data protection vs. data backup: How are they different? | TechTarget
Data Protection
6 business benefits of data protection and GDPR compliance | TechTarget
How to conduct a data privacy audit, step by step | TechTarget
Data protection vs. data backup: How are they different? | TechTarget
Careers, Working in Cyber and Information Security
The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Are you okay? Understanding the world of a CISO | CSO Online
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update
UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)
Nation State Actors
China
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO
Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)
MPs challenge government claims China cyber attack was unsuccessful (ft.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
UK, Czech ministers among China’s hacking targets – POLITICO
Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)
Russia
Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News
STA: Russian hackers take responsibility for cyber attack on Slovenia
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics
Russian network that 'paid European politicians' busted, authorities claim - BBC News
Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)
Iran
Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)
Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor
North Korea
Vulnerability Management
CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Vulnerabilities
Are You Affected by the Backdoor in XZ Utils? (darkreading.com)
Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)
Apple GoFetch was caused by an obsession with speed • The Register
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Splunk Patches Vulnerabilities in Enterprise Product - Security Week
JetBrains fixes 26 'security problems,' offering no details • The Register
Tools and Controls
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
How much does cloud-based identity expand your attack surface? - Help Net Security
How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)
Building a cyber security risk assessment template - Security Boulevard
Microsoft unveils safety and security tools for generative AI | InfoWorld
The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Can cyber insurance help secure business? | Mint (livemint.com)
71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard
Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)
Cyber Risk Management: A Beginner's Guide - Security Boulevard
Microsoft Entra Recommendations adds several more for better user security - Neowin
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Why a Cloud Security Platform Approach is Critical | Trend Micro (US)
The Importance Of Physical Cyber Security Testing (forbes.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Human risk is the top cyber threat for IT teams - Help Net Security
Data protection vs. data backup: How are they different? | TechTarget
SIEM Implementation: Strategies and Best Practices | MSSP Alert
Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)
Other News
Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)
Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)
Microsoft slammed for lax infosec that led to Exchange crack • The Register
Infosec professionals praise CSRB report on Microsoft breach | TechTarget
76% of consumers don't see themselves as cyber crime targets - Help Net Security
Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)
Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law
Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)
Australia Doubles Down On Cyber Security After Attacks (darkreading.com)
Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)
Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)
Healthcare's cyber resilience under siege as attacks multiply - Help Net Security
Rise of non-tech hackers: new era of cyber threats - VnExpress International
Why Cultural Institutions Are Rich Targets for Cyber Attackers (informationweek.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 October 2023
Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:
-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
-Cyber Security Investments Show Mature Business Mindset
-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure
-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen
-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack
-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head
-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors
-39% of Individuals Use the Same Password for Multiple Accounts
-Why Fourth-Party Risk Management Is a Must-Have
-AI Adoption Surges But Security Awareness Lags Behind
-UK watchdog fines Equifax £11 million for role in cyber breach
-Why Boards Must Understand and Govern Cyber Security Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.
Sources: [PR Newswire] [TechRadar]
Cyber Security Investments Show Mature Business Mindset
Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.
Source: [Insider Media] [Compare the Cloud]
SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.
SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).
Source: (IT Security Guru)
Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure
Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.
In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.
Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]
Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen
Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.
Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Euronews] [The Times] [AI-CIO]
Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack
In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.
The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.
Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]
20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head
An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.
A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.
Sources: [Computer Weekly] [Tech Monitor] [Guardian]
Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors
According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.
Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Sources: [Security Affairs] [Claims Journal]
39% of Individuals Use the Same Password for Multiple Accounts
According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.
Source: [Security Magazine]
Why Fourth-Party Risk Management Is a Must-Have
Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.
Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.
Source: [Tech Target]
AI Adoption Surges but Security Awareness Lags Behind
A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.
Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.
Source: [Infosecurity Magazine]
UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach
Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six weeks after their parent company discover the hack.
Source: [Reuters]
Why Boards Must Understand and Govern Cyber Security Risk
The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Forbes]
Governance, Risk and Compliance
Many cyber bosses just aren't confident in their company's defences | TechRadar
SMBs seek help as cyber threats reach an all-time high - Help Net Security
SMBs seek cyber training, support as attack risk surges | CIO Dive
The real impact of the cyber security poverty line on small organisations - Help Net Security
Cyber security investments show mature business mindset, says IT expert | Insider Media
Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud
The best time to deal with cyber attacks is before they happen (thetimes.co.uk)
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Over 70% of firms hit by cyber attack in last 12 months (rte.ie)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
Getting ready for NIS2 with strong identity controls | ITPro
10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News
How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
The Need for a Cyber security-Centric Business Culture (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine
Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)
Keeping control in complex regulatory environments - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
7 risk mitigation strategies to protect business operations | TechTarget
How to go from collecting risk data to actually reducing risk? - Help Net Security
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Regulations are still necessary to compel adoption of cyber security measures | ZDNET
CISOs and board members are finding a common language - Help Net Security
IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)
When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)
18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)
Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)
Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)
Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)
CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)
What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon
63% of organisations restore data after a ransomware attack | Security Magazine
Black Basta ransomware is out and about, again. (thecyberwire.com)
Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire
Scammers are targeting plastic surgery clinics with extortion scams | TechRadar
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)
Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)
Ransomware Victims
Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)
Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)
Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)
KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)
Make sure that email from HR is legit - it could be another phishing scam | TechRadar
Human resources emails remain top phishing targets - SiliconANGLE
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Artificial Intelligence
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)
AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent
North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar
Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
2FA/MFA
Malware
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)
Researchers warn of increased malware delivery via fake browser updates - Help Net Security
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Beware - that Google Chrome update alert might actually just be malware | TechRadar
Mobile
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)
The top 9 mobile security threats and how you can avoid them | ZDNET
Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld
Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inadequate IoT protection can be a costly mistake - Help Net Security
Israelis told to secure their home security cameras against hackers • Graham Cluley
Logistics Matters - Alert: How hackers use printers to gain access
Data Breaches/Leaks
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)
530K people's info stolen from cloud PC gaming's Shadow • The Register
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News
23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Care provider under fire over response to cyber attack (thetimes.co.uk)
Organised Crime & Criminal Actors
Cyber attacks -- where they come from and the tactics they use (betanews.com)
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Employees leaving businesses open to cyber attack – QBE research - CIR Magazine
Why disaffected employees are your greatest cyber security risk | Federal News Network
Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)
Insurance
How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
Supply Chain and Third Parties
Identity and Access Management
Encryption
Linux and Open Source
Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Report Finds Few Open Source Projects are Actively Maintained - Slashdot
Passwords, Credential Stuffing & Brute Force Attacks
IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru
Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)
39% of individuals use the same password for multiple accounts | Security Magazine
Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)
Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)
A worrying amount of corporate IDs still aren't properly protected | TechRadar
Social Media
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Malvertising
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)
Training, Education and Awareness
Regulations, Fines and Legislation
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)
Keeping control in complex regulatory environments - Help Net Security
UN cyber crime treaty: A menace in the making – EURACTIV.com
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Models, Frameworks and Standards
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Backup and Recovery
Principles for ransomware-resistant cloud backups - NCSC.GOV.UK
63% of organisations restore data after a ransomware attack | Security Magazine
Data Protection
Careers, Working in Cyber and Information Security
Over half of cyber security pros say they want to switch jobs (betanews.com)
Compelling Reasons Why You Should Study Cyber Security - Minutehack
Your guide to landing a job in cyber security (fastcompany.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats
Misc Nation State/Cyber Warfare
‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief
Five Eyes issues five tips on thwarting nation state threats | Computer Weekly
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
The evolution of deception tactics from traditional to cyber warfare - Help Net Security
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Government officials debate effectiveness of multilateral relations in cyber security | ZDNET
Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems
Geopolitical Threats/Activity
How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)
Israelis told to secure their home security cameras against hackers • Graham Cluley
Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)
Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)
AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)
China
Mandia: China replaces Russia as top cyber threat | CyberScoop
FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft | SC Media (scmagazine.com)
Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)
20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Huawei wants to know why EU labelled it high security risk • The Register
Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)
Russia
Mandia: China replaces Russia as top cyber threat | CyberScoop
Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Iran
Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)
Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop
North Korea
Vulnerability Management
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)
Vulnerabilities
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek
Cisco working on fix for critical IOS XE zero-day | TechTarget
Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek
Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Tools and Controls
Well-informed employees act as 1st line of defence against cyber threats
SMBs seek cyber training, support as attack risk surges | CIO Dive
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Why Zero Trust Is the Cloud Security Imperative (darkreading.com)
3 Essential Steps to Strengthen SaaS Security (darkreading.com)
Google Authenticator synchronization raises MFA concerns | TechTarget
Email Security Best Practices for Phishing Prevention (trendmicro.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
How to go from collecting risk data to actually reducing risk? - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What is Structured Threat Information eXpression (STIX)? (techtarget.com)
Other News
SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru
Many SMBs really don't know exactly what security tools they need | TechRadar
Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN
What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)
Progress gets SEC subpoena over MOVEit breach – and more! • The Register
Cyber attacks on healthcare organisations affect patient care - Help Net Security
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)
Space industry group turns up volume on satellite vulnerabilities - SpaceNews
5 Tips for Improving Security in Public Sector (govinfosecurity.com)
Marketers Must Make Cyber security A Priority Every Day (forbes.com)
UK at risk of massive security breach from national HMRC IT meltdown | The Independent
UK warns nuclear power plant operator of cyber security failings (therecord.media)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 December 2022
Black Arrow Cyber Threat Briefing 16 December 2022:
-Executives Take More Cyber Security Risks Than Office Workers
-CISO Role is Diversifying from Technology to Leadership & Communication Skills
-How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
-Cyber Security Drives Improvements in Business Goals
-Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
-Managing Cyber Risk in 2023: The People Element
-What We Can't See Can Hurt Us
-Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
-When Companies Compensate the Hackers, We All Foot the Bill
-HSE Cyber-Attack Costs Ireland $83m So Far
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Executives Take More Cyber Security Risks Than Office Workers
IT software company Ivanti worked with cyber security experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and to find out how companies are preparing for yet-unknown future threats.
The report revealed that despite 97% of leaders and security professionals reporting their organisation is as prepared, or more prepared, to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar that they could prevent a damaging breach.
In fact, the study finds that organisations are racing to fortify against cyber attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches. While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.
“Patching is not nearly as simple as it sounds,” said Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention”.
Cyber security insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. Approximately half of respondents indicated they are “very prepared” to meet the growing threat landscape including ransomware, poor encryption, and malicious employees, but the expected safeguards such as deprovisioning credentials is ignored a third of a time and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.
The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.
Additionally:
More than 1 in 3 leaders have clicked on a phishing link
Nearly 1 in 4 use easy-to-remember birthdays as part of their password
They are much more likely to hang on to passwords for years
And they are 5x more likely to share their password with people outside the company.
One survey taker shared, “We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even our most experienced staff are falling prey to it.”
To cope with a rapidly expanding threat landscape, organisations must move beyond a reactive, rules-based approach.
CISO Role is Diversifying from Technology to Leadership & Communication Skills
The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.
CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. Only 13% of the global CISOs analysed are women; approximately 20% are non-white. Each diversity dimension analysed is down one percentage point year-on-year.
According to James Larkin, managing partner at Marlin Hawk, “Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the chief information officer (CIO), which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.”
The job does not come without its downsides. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skillset may not be adequate or new leaders get appointed to the job, they lack the necessary internal support, or their company may not have the required commitment to cyber security to make the job effective.
Key findings from the report include:
45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilisation emerging.
Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.
36% of CISOs analysed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).
How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor
Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratise cyber crime.
With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.
While security teams can also leverage ChatGPT for defensive purposes such as testing code, by lowering the barrier for entry for cyber attacks, the solution has complicated the threat landscape significantly. From a cyber security perspective, the central challenge created by OpenAI’s creation is that anyone, regardless of technical expertise, can create code to generate malware and ransomware on-demand.
Whilst it can be used for good to assist developers in writing code for good, it can (and already has) been used for malicious purposes. Examples including asking the bot to create convincing phishing emails or assist in reverse engineering code to find zero-day exploits that could be used maliciously instead of reporting them to a vendor.
ChatGPT does have inbuilt guardrails designed to prevent the solution from being used for criminal activity. For instance, it will decline to create shell code or provide specific instructions on how to create shellcode or establish a reverse shell and flag malicious keywords like phishing to block the requests.
The problem with these protections is that they’re reliant on the AI recognising that the user is attempting to write malicious code (which users can obfuscate by rephrasing queries), while there’s no immediate consequences for violating OpenAI’s content policy.
https://venturebeat.com/security/chatgpt-ransomware-malware/
Cyber Security Drives Improvements in Business Goals
Cyber threats should no longer be viewed as just an IT problem, but also a business problem, Deloitte said in its latest Future of Cyber study. Operational disruption, loss of revenue, and loss of customer trust are the top three significant impacts of cyber incidents. More than half, or 56%, of respondents told Deloitte they suffered related consequences to a moderate or large extent.
In 2021, the top three negative consequences from cyber incidents and breaches were operational disruption, which includes supply chain and the partner ecosystem, intellectual property theft, and a drop in share price. While operational disruption remained the top concern in 2022, loss of revenue and loss of customer trust and negative brand impact moved up in importance. Intellectual property theft and drop in share price dropped to eighth and ninth (out of ten) in ranking. Losing funding for a strategic initiative, loss of confidence in the integrity of the technology, and impact on employee recruitment and retention moved up in ranking in 2022. Respondents were also asked to mark two consequences they felt would be most important in 2023: Operational disruption and loss of revenue topped the list.
"Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative," Deloitte noted in its report. "It [cyber] should be included in every functional area, as an essential ingredient for success—to drive continuous business value, not simply mitigate risks to IT."
Deloitte categorised organisations' cyber security maturity based on their adoption of cyber planning, risk management, and board engagement. Risk management included activities such as industry benchmarking, incident response, scenario planning, and qualitative and quantitative risk assessment.
Whether or not the organisation adopted any of these three practices hinged on stakeholders recognising the importance of cyber responsibility and engagement across the whole organisation, Deloitte said in its report. Examples included having a governing body that comprises IT and senior business leaders to oversee the cyber program, conducting incident-response scenario planning and simulation at the organisational and/or board level, regularly providing cyber updates to the board to secure funding, and conducting regular cyber awareness training for all employees.
https://www.darkreading.com/edge-threat-monitor/cybersecurity-drives-improvements-in-business-goals
Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering
The man who will lead UK efforts to regulate cryptocurrency firms issued a stark condemnation of the sector on Wednesday, telling MPs that in his experience crypto platforms were “deliberately evasive”, facilitated money laundering at scale and created “massively untoward risk”.
The comments from Ashley Alder, the incoming chair of the Financial Conduct Authority, suggest that crypto firms hoping to build businesses in the UK will face an uphill battle when the FCA assumes new powers to regulate broad swaths of the sector.
They also put Alder, who will become FCA chair in February, on a potential collision course with the government’s aspiration to create a high quality crypto hub that fosters innovation, a vision ministers have remained loyal to even as the global crypto market lurches from crisis to crisis, epitomised by the collapse of FTX. The FCA declined to comment on whether their incoming chair’s views were at odds with those of the government.
Alder comments came during a sometimes terse appointment hearing with the cross-party Treasury select committee, where he faced sustained criticism for appearing virtually from Hong Kong and for his lack of familiarity with some parts of the UK market place and its accountability structures.
https://www.ft.com/content/7bf0a760-5fb5-4146-b757-1acc5fc1dee5
Managing Cyber Risk in 2023: The People Element
2022 has had many challenges from cyber war between Russia and Ukraine, continuing ransomware attacks, and a number of high-profile vulnerabilities and zero day attacks. With the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimise risk across people, processes, and technology.
Top infrastructure risk: people
It’s common knowledge that it’s not if, but when, your organisation will be the target of a cyber attack. CISOs and security leaders seem to share the same opinion—according to Trend Micro’s latest Cyber Risk Index (CRI) (1H’2022), 85% of 4,100 respondents across four global regions said its somewhat to very likely they will experience a cyber attack in the next 12 months. More concerning was 90% of respondents had at least one successful cyber attack in the past 12 months.
The CRI (1H’2022) also found that CISOs, IT practitioners, and managers identified that most organisations’ IT security objectives are not aligned with the business objectives, which could cause challenges when trying to implement a sound cyber security strategy.
It’s important to note that while ideal, avoiding a cyber attack isn’t the main goal—companies need to address critical challenges across their growing digital attack surface to enable faster detection and response, therefore minimising cyber risk.
While it's commonly assumed that security efforts should be largely focused on protecting critical servers and infrastructure, the human attack vector shouldn’t be so quickly forgotten.
https://www.trendmicro.com/en_us/ciso/22/e/managing-cyber-risk.html
What We Can't See Can Hurt Us
In speaking with security and fraud professionals, visibility remains a top priority. This is no surprise, since visibility into the network, application, and user layers is one of the fundamental building blocks of both successful security programs and successful fraud programs. This visibility is required across all environments — whether on-premises, private cloud, public cloud, multicloud, hybrid, or otherwise.
Given this, it is perhaps a bit surprising that visibility in the cloud has lagged behind the move to those environments. This occurred partially because few options for decent visibility were available to businesses as they moved to the cloud. But it also partially happened because higher priority was placed on deploying to the cloud than on protecting those deployments from security and fraud threats.
This is unfortunate, since what we can't see can hurt us. That being said, cloud visibility is becoming a top priority for many businesses. There are a few areas where many businesses are looking for visibility to play a key role, including Compliance, Monitoring, Investigation, Response, API Discovery, Application Breaches, and Malicious User Detection.
Organisation have been a bit behind in terms of ensuring the requisite visibility into cloud environments. Whilst time has been lost, it does seem that gaining visibility into the network, application, and user layers is now a priority for many businesses. This is a positive development, as it enables those businesses to better mitigate the risks that operating blindly creates.
https://www.darkreading.com/edge-articles/what-we-can-t-see-can-hurt-us
Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cyber security incident.
On Saturday last week, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.
The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms. Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyber attack on Uber where threat actors gained access to the internal network and the company's Slack server.
News outlet BleepingComputer has been told that the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees.
While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.
When Companies Compensate the Hackers, We All Foot the Bill
Companies are always absorbing costs that are seen as par for the course of budget planning: maintenance, upgrades, office supplies, wastage, shrinkage, etc. These costs ratchet up the price of a company's products and are then passed on to the consumer. Breaches in cyber security and paying out ransoms to hackers should be outside of this remit, and yet more than half of all companies admit to transferring the costs of data breaches on to consumers. Careless or ill-informed employees and other weaknesses in a company's protections lead to catastrophic losses to businesses of around $1,797,945 per minute — and the consumers are paying it off.
If a company estimates the recovery costs from a ransomware attack to exceed the requested payment from the hacker, then it feels like a no-brainer — they're better off just cutting their losses and giving in to the cyber criminal's demands. The issue is that this creates an unvirtuous circle of paying the hacker, which enforces nefarious behaviour and empowers hackers to increase the number and volume of ransoms.
When it comes to ransomware, 32% of companies pay off hackers, and, of that percentage, the average company only retrieves about 65% of its data. Giving in to hackers is counterintuitive. On an even more disturbing note, one study found that 80% of companies that paid a ransom were targeted a second time, with about 40% paying again and a majority of that 40% paying a higher ransom the second time round. This is ludicrous. With 33% of companies suspending operations following an attack, and nearly 40% resorting to laying off staff, it comes as no surprise that the downstream costs are picked up to some extent by the consumer.
As for smaller companies, about 50% of US small businesses don't have a cyber security plan in place, despite the fact that small businesses are three times more likely to be targeted by cyber criminals than larger companies. An average breach costs these companies around $200,000 and has put many out of business. It isn't simply the cost passed on to consumers, it's also the intangible assets, such as brand reputation.
When data is leaked and a site goes down, customers become rightly anxious when their information is sold to the highest bidder on the Dark Web. To safeguard against this, companies of all sizes should exploit automated solutions while training every single member of staff to recognise and report online threats. Paying a ransom does not guarantee the return of data, and for a smaller business, losing valuable customer information could cause long-term damage way beyond the initial attack.
Cyber security professionals, governments, and law enforcement agencies all advise companies to avoid paying the hackers' ransoms. This strategy is affirmed by the success businesses have had in retrieving the stolen data and turning the lights back on — 78% of organisations who say they did not pay a ransom were able to fully restore systems and data without the decryption key. This evidently is not enough to reassure companies who, at the click of a dangerous email being opened, have lost sensitive information and access to their systems and are desperate to get back online. There are many preventative techniques businesses can take advantage of before it even gets to that stage.
HSE Cyber-Attack Costs Ireland $83m So Far
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).
The figures come from a letter from HSE’s chief information officer, seen by The Irish Times. This comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m). The letter confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.
Ireland has a very capable national cyber security centre and a well-oiled CSIRT team that engages the public/private sector. If the cost does continue to escalate to €100m, that is the equivalent to everyone in the Republic of Ireland having been defrauded by €20. According to The Irish Times, the costs were said to be “enormous,” and the government has been asked to complete a comprehensive assessment of the impact caused by the breach.
The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email. According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. A total of roughly 100,000 people had their personal data stolen during the cyber-attack.
Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices.
https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/
Threats
Ransomware, Extortion and Destructive Attacks
HSE Cyber-Attack Costs Ireland $83m So Far - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware-hit Rackspace email outage enters 12th day • The Register
The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets (bleepingcomputer.com)
Rash of New Ransomware Variants Springs Up in the Wild (darkreading.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
Preventing a ransomware attack with intelligence: Strategies for CISOs - Help Net Security
LockBit ransomware crew claims attack on California Department of Finance - CyberScoop
When Companies Compensate the Hackers, We All Foot the Bill (darkreading.com)
Clop ransomware uses TrueBot malware for access to networks (bleepingcomputer.com)
TrueBot infections were observed in Clop ransomware attacks - Security Affairs
Play ransomware claims attack on Belgium city of Antwerp (bleepingcomputer.com)
Brooklyn hospital network victim of cyber hack crash (msn.com)
Cyber security Experts Uncover Inner Workings of Destructive Azov Ransomware (thehackernews.com)
Cybereason warns of rapid increase in Royal ransomware | TechTarget
New Royal ransomware group evades detection with partial encryption | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Check Point classifies Azov as wiper, not ransomware | TechTarget
Phishing & Email Based Attacks
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Phishing attack uses Facebook posts to evade email security (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
Crooks use HTML smuggling to spread QBot malware via SVG files - Security Affairs
A clever trick turns antivirus software into unstoppable data wiping scourges | TechSpot
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Mobile
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (thehackernews.com)
Why You Should Enable Apple’s New iOS 16.2 Security Feature | Reviews by Wirecutter (nytimes.com)
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Internet of Things – IoT
3.5m IP cameras exposed, with US in the lead - Security Affairs
Are robots too insecure for lethal use by law enforcement? | CSO Online
10 Ways Doorbell Cameras Pose a Threat to Privacy and Security - Listverse
Data Breaches/Leaks
Uber suffers new data breach after attack on vendor, info leaked online (bleepingcomputer.com)
Twitter confirms recent user data leak is from 2021 breach (bleepingcomputer.com)
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Australia's Telstra suffers privacy breach, 132,000 customers impacted | Reuters
Unauthorised server access caused AirAsia data leak: Fahmi | Malaysia | The Vibes
FBI's InfraGard Cyber security Program Breached by Hackers (gizmodo.com)
Aussie Data Breaches Surge 489% in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Uber staff information leaks after IT supply chain attack • The Register
TPG Telecom joins list of hacked Australian companies, shares slide | Reuters
How companies can avoid costly data breaches - Help Net Security
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Incoming FCA chair says crypto firms facilitate money laundering | Financial Times (ft.com)
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
DOJ divided over charging Binance for alleged crypto crimes, report says | Ars Technica
Facebook Asks Lawmakers Not to Regulate Crypto Too Harshly Just Because of All the Fraud (vice.com)
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)
Insider Risk and Insider Threats
Executives take more cyber security risks than office workers - Help Net Security
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Fraud, Scams & Financial Crime
Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times
Restaurant closes after fraudsters posing as officials steal thousands | News | The Times
Woman gets 66 months in prison for role in $3.3 million ID fraud op (bleepingcomputer.com)
Patrick Giblin conned women all over the US. Now he's going to prison for 5 years | CNN
UK arrests five for selling dodgy point of sale software • The Register
The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman
8 charged with conspiracy to commit securities fraud • The Register
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Uber staff information leaks after IT supply chain attack • The Register
Report highlights serious cyber security issues with US defence contractors | CSO Online
Software Supply Chain
How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)
Microsoft digital certificates have once again been abused to sign malware | Ars Technica
Denial of Service DoS/DDoS
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
‘Booter’ sites taken down in global cyber crime bust (gbnews.uk)
Microsoft discovers Windows/Linux botnet used in DDoS attacks | Ars Technica
Cloud/SaaS
Microsoft launches EU 'data boundary' from next year • The Register
HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch
Lego fixes dangerous API vulnerability in BrickLink service | TechTarget (computerweekly.com)
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Hybrid/Remote Working
Encryption
Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert
The FBI Says Apple’s New Encryption Is “Deeply Concerning” (futurism.com)
Over 85% of Attacks Hide in Encrypted Channels - Infosecurity Magazine (infosecurity-magazine.com)
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
API
Open Source
Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities (thehackernews.com)
Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Meta warns spyware still being used to target people on social media | Meta | The Guardian
Elon Musk Bans Journalists From Twitter After Reinstating Nazis (gizmodo.com)
Russian disinformation rampant on far-right social media platforms - CyberScoop
HowTo: Fight Cyber-Threats in the Metaverse - Infosecurity Magazine
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Training, Education and Awareness
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season (thehackernews.com)
Remote Work Cyber security Requires a Change in Mindset (informationsecuritybuzz.com)
Parental Controls and Child Safety
TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business
Microsoft Teams is a vector for child sexual abuse material • The Register
Cyber Bullying, Cyber Stalking and Sextortion
Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch
Proposed law offers support to tech-enabled abuse survivors • The Register
Regulations, Fines and Legislation
Privacy concerns are limiting data usage abilities - Help Net Security
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Governance, Risk and Compliance
Managing Cyber Risk in 2023: The People Element (trendmicro.com)
Executives take more cyber security risks than office workers - Help Net Security
Cyber security Drives Improvements in Business Goals (darkreading.com)
Compliance Is Not Enough: How to Manage Your Customer Data (darkreading.com)
5 tips for building a culture of cyber security accountability - Help Net Security
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
What CISOs consider when building up security resilience - Help Net Security
CISO Role is Diversifying From Technology to Leadership & Communication Skills - MSSP Alert
Models, Frameworks and Standards
Why PCI DSS 4.0 Should Be on Your Radar in 2023 (thehackernews.com)
PCI Secure Software Standard version 1.2 sets out new payment security requirements | CSO Online
Backup and Recovery
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)
Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica
8 charged with conspiracy to commit securities fraud • The Register
Privacy, Surveillance and Mass Monitoring
Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)
Apple should pay €6m for tracking users – French official • The Register
European Commission takes step toward approving EU-US data privacy pact | Computerworld
Privacy concerns are limiting data usage abilities - Help Net Security
Artificial Intelligence
Are robots too insecure for lethal use by law enforcement? | CSO Online
How ChatGPT can turn anyone into a ransomware and malware threat actor | VentureBeat
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
As Wiretap Claims Rattle Government, Greece Bans Spyware | SecurityWeek.Com
Ex-Twitter Worker Gets Prison Time in Saudi 'Spy' Case | SecurityWeek.Com
Reassessing cyberwarfare. Lessons learned in 2022 | Securelist
Nation State Actors
Nation State Actors – Russia
Seven accused of smuggling out US military tech for Moscow • The Register
Neo-Nazi Russian militia appeals for intelligence on Nato member states | Ukraine | The Guardian
NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
Russian disinformation rampant on far-right social media platforms - CyberScoop
Nation State Actors – China
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day | SecurityWeek.Com
US politicians propose TikTok ban over China security concerns (telegraph.co.uk)
Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)
US to add Chinese chipmaker to trade blacklist | Financial Times (ft.com)
AIIMS cyber attack suspected to have originated in China, Hong Kong - Rediff.com India News
Spies and Lies by Alex Joske — inside China’s intelligence operation | Financial Times (ft.com)
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
24% of technology applications contain high-risk security flaws - Help Net Security
Vulnerabilities
Hackers exploit critical Citrix ADC and Gateway zero day, patch now (bleepingcomputer.com)
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Adobe Patches 38 Flaws in Enterprise Software Products | SecurityWeek.Com
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest - Security Affairs
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities (thehackernews.com)
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks (bleepingcomputer.com)
Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway | CISA
Security Flaw in Atlassian Products Affecting Multiple Companies (darkreading.com)
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware – Naked Security (sophos.com)
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com
New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (thehackernews.com)
Apple patches everything, finally reveals mystery of iOS 16.1.2 – Naked Security (sophos.com)
Apple fixed the tenth actively exploited zero-day this year - Security Affairs
High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update | SecurityWeek.Com
Top 5 Web App Vulnerabilities and How to Find Them (thehackernews.com)
Severe vulnerabilities found in most industrial controllers - The Washington Post
Akamai WAF bypassed via Spring Boot to trigger RCE | The Daily Swig (portswigger.net)
Tools and Controls
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com
Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert
Data Destruction Policies in the Age of Cloud Computing (darkreading.com)
Other News
Cyber Threats Loom as 5B People Prepare to Watch World Cup Final (darkreading.com)
Tech companies must start sharing intelligence to avert global conflicts | Financial Times (ft.com)
Microsoft Defender, Avast, AVG turned against Windows to permanently delete files - Neowin
Analysis Shows Attackers Favour PowerShell, File Obfuscation (darkreading.com)
Automated Cyber campaign Creates Masses of Bogus Software Building Blocks (darkreading.com)
12 types of wireless network attacks and how to prevent them | TechTarget
FuboTV says World Cup streaming outage caused by a cyber attack (bleepingcomputer.com)
MTTR “not a viable metric” for complex software system reliability and security | CSO Online
Low-code/no-code security risks climb as tools gain traction | TechTarget
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Cyber Weekly Flash Briefing for 28 February 2020 –authenticator codes nabbed on Android, Cisco and Chrome critical vulns, FCA data breach, online backups not good enough
Cyber Weekly Flash Briefing for 28 February 2020 – authenticator codes nabbed on Android, Cisco and Chrome critical vulns, FCA data breach, online backups not good enough
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Android malware can steal Google Authenticator 2FA codes
A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts.
Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts.
Google launched Authenticator as an alternative to SMS-based one-time passcodes. Because Google Authenticator codes are generated on a user's smartphone and never travel through insecure mobile networks, online accounts who use Authenticator codes as 2FA layers are considered more secure than those protected by SMS-based codes.
Read the full article here: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/
Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products
Cisco is working on a set of patches to address a recently-disclosed vulnerability that can be exploited to intercept Wi-Fi network traffic.
The vulnerability, tracked as CVE-2019-15126, has been nicknamed "Kr00k" and was disclosed at the by researchers on Wednesday.
Kr00k is a vulnerability that permits attackers to force Wi-Fi systems into disassociative states, granting the opportunity to decrypt packets sent over WPA2 Personal/Enterprise Wi-Fi channels.
All Wi-Fi enabled devices operating on Broadcom or Cypress Wi-Fi chipsets are impacted
Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google patches zero-day bug tied to memory corruptions found inside the Chrome browser’s open-source JavaScript and Web Assembly engine, called V8.
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms.
The zero-day vulnerability, tracked as CVE-2020-6418, is a type of confusion bug and has a severity rating of high. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122. The bug is tied to Chrome’s open-source JavaScript and Web Assembly engine, called V8.
Read the full article here: https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Ransomware victims thought their backups were safe. They were wrong
Ransomware victims are finding out too late that their vital backups are online and also getting encrypted by crooks, warns cyber security agency.
The UK's cyber security agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also had their backups encrypted because they had left them connected to their networks.
Keeping a backup copy of vital data is a good way of reducing the damage of a ransomware attack: it allows companies to get systems up and running again without having to pay off the crooks. But that backup data isn't much good if it's also infected with ransomware -- and thus encrypted and unusable -- because it was still connected to the network when the attack took place.
The UK's National Cyber Security Centre (NCSC) said it has now updated its guidance by emphasising offline backups as a defence against ransomware.
Read the full article here: https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/
Data breach at City watchdog FCA exposes records of thousands of complainants
The records of 1,600 people who complained to the City watchdog have been exposed following a major data breach at the regulator.
The Financial Conduct Authority (FCA) mistakenly published the personal records of complainants on its website, where anyone could access the information.
The data was visible between November 2019 and February 2020 and included the records of people who made a complaint between January 2018 and July 2019.
This leaked information included the name of the complainant, the company they represent, the status of the complaint and other information. In some instances addresses and telephone numbers were also visible.
Certain media outlets disclosed that the list contained the names of several high-profile individuals.
Read more here: https://www.telegraph.co.uk/money/consumer-affairs/data-breach-city-watchdog-exposes-records-thousands-complainants/
Hackers are getting better at tricking people into handing over passwords — here's what to look out for, according to experts
Hackers don't break in, they log in.
That mantra, often repeated by security experts, represents a rule of thumb: The vast majority of breaches are the result of stolen passwords, not high-tech hacking tools.
These break-ins are on the rise. Phishing scams — in which attackers pose as a trustworthy party to trick people into handing over personal details or account information — were the most common type of internet crime last year, according to a recent FBI report. People lost more than $57.8 million in 2019 as the result of phishing, according to the report, with over 114,000 victims targeted in the US.
And as phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords, according to Microsoft's Security Research team.
Most of the attackers have now moved to phishing because it's easy
Read the full article here: https://www.businessinsider.com/phishing-scams-getting-more-sophisticated-what-to-look-out-for-2020-2?r=US&IR=T
Government authorities fail to train employees on ransomware detection, prevention
New research suggests that the majority of state and local governments are not rising to the challenge of mitigating ransomware threats. (and it’s not just Government)
The majority of state and local government agencies are failing to prepare their employees to spot cyber attacks or teach them how to handle ransomware incidents in the workplace, new research suggests.
On Thursday, IBM Security released the results of a new study, conducted on its behalf by The Harris Poll, containing responses from close to 700 US local and state employees in IT, education, emergency services, and security departments.
The research, taking place between January and February this year, reveals that only 38% of local and state employees have received any training in general ransomware prevention, which may include learning how to spot phishing attempts, the threat of social engineering, and basic security hygiene in the workplace.