Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

• Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

• Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

• Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

• 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

• Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

• AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

• Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

• Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

• Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

• The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

• Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

• Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

• Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Governance, Risk and Compliance

• CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security

• Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)

• AI, trust, and data security are key issues for finance firms and their customers | ZDNET

• Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies - SecurityWeek

• Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert

• UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch

• Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Financial Industry Faces Soaring Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)

• Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)

• BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

• Ransomware, From a Different Perspective (darkreading.com)

• BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)

Ransomware Victims

• Capita admits hackers also stole staff’s personal details (thetimes.co.uk)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Barts NHS hack leaves folks on tenterhooks over extortion • The Register

• Deutsche Bank customer data leaked | Cybernews

• Scottish university cyber attack under investigation | The National

Phishing & Email Based Attacks

• New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)

• Number of email-based phishing attacks surges 464% - Help Net Security

• Chinese hackers compromised emails of US Government agencies- -Security Affairs

• Microsoft: Government agencies breached in email attacks | TechTarget

• RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security

• Top 10 Email Security Best Practices in 2023 (gbhackers.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)

• How hackers are now targeting your voice and how to protect yourself | Fox News

Artificial Intelligence

• How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• NIST Launches Generative AI Working Group (darkreading.com)

• ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)

• ‘Police are going to have a very difficult time with AI,’ says cyber security advisor – Channel 4 News

• ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

• Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop

2FA/MFA

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Malware

• 20% of malware attacks bypass antivirus protection - Help Net Security

• Malware delivery to Microsoft Teams users made easy - Help Net Security

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

• What’s up with Emotet? | WeLiveSecurity

• Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)

• Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News

• New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld

• BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

• Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

Mobile

• Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs

• The FCC aims to stop SIM swappers with new rules - The Verge

• Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)

• Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security

• Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy

Internet of Things – IoT

• Compliance seizes spotlight in the connected devices arena - Help Net Security

Data Breaches/Leaks

• So you gave personal info to a company caught in a data breach. Now what? | CBC News

• HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)

• US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Capita attackers reportedly stole data from pension fund • The Register

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

• Twenty Manx public authorities reprimanded for data breach - BBC News

• Bangladesh government website leaked data of millions of citizens-Security Affairs

Organised Crime & Criminal Actors

• British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6 (bitdefender.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• What’s up with Emotet? | WeLiveSecurity

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers have stolen $3 billion in crypto - Panda Security

• Cyber security professional accused of stealing $9M in crypto | TechCrunch

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

Insider Risk and Insider Threats

• How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

Fraud, Scams & Financial Crime

• E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Amazon Prime Day Draws Out Cyber Scammers (darkreading.com)

• Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Fewer Than 100 Scammers Responsible For Global Email Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• The FCC aims to stop SIM swappers with new rules - The Verge

• Hackers have stolen $3 billion in crypto - Panda Security

Insurance

• Zurich Unwraps New Cyber Insurance for Mid-Market Companies - MSSP Alert

• Rethinking Cyber Insurance | Mimecast

Dark Web

• Understanding Dark Web vs. Deep Web (geekflare.com)

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

Supply Chain and Third Parties

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Capita attackers reportedly stole data from pension fund • The Register

• MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

Cloud/SaaS

• Only 45% of cloud data is currently encrypted - Help Net Security

• Microsoft alleges China behind attack on Exchange Online • The Register

• For stronger public cloud data security, use defence in depth | TechTarget

• Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)

• Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

Hybrid/Remote Working

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

Attack Surface Management

• Attack Surface Management: Identify and protect the unknown - Help Net Security

Identity and Access Management

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

Encryption

• Only 45% of cloud data is currently encrypted - Help Net Security

API

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

Open Source

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Popular WordPress Security Plugin Caught Logging Plaintext Passwords - SecurityWeek

Social Media

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)

Travel

• Cyber security best practices while working in the summer - Help Net Security

Regulations, Fines and Legislation

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)

• A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly

Models, Frameworks and Standards

• NIST Launches Generative AI Working Group (darkreading.com)

• How to map security gaps to the Mitre ATT&CK framework | TechTarget

• Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget

Data Protection

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• Twenty Manx public authorities reprimanded for data breach - BBC News

Careers, Working in Cyber and Information Security

• Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses (darkreading.com)

• Free entry-level cyber security training and certification exam - Help Net Security

Law Enforcement Action and Take Downs

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• France 's government is giving the police more surveillance power-Security Affairs

Misinformation, Disinformation and Propaganda

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

• NATO Countries Must Work Together to Counter the Russian Cyber-Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)

• Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)

• Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)

• Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc.

• Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)

• Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)

• Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert

• Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

China

• China 'aggressively' targeting UK – but government has 'no strategy' to tackle it, Intelligence and Security Committee of MPs says | Politics News | Sky News

• Chinese hackers compromised emails of US Government agencies-Security Affairs

• UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent

• Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)

Iran

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

North Korea

• North Korean hackers have stolen $3 billion in crypto - Panda Security

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

Vulnerabilities

• MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)

• After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek

• Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack (thehackernews.com)

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek

• Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)

• Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)

• Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)

• Raising concerns over Google Authenticator’s new features | TechRadar

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek

• Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)

• Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs

• Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)

• Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs

OT/ICS Vulnerabilities

• Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organisations - SecurityWeek

• Critical RCE Vulnerability in Rockwell Automation PLCs Zaps ICS (darkreading.com)

• 3 Critical RCE Bugs Threaten Industrial Solar Panels (darkreading.com)

Tools and Controls

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

• Infrastructure upgrades alone won't guarantee strong security - Help Net Security

• Cyber Security Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions (darkreading.com)

• What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget

• Overcoming user resistance to passwordless authentication - Help Net Security

• Understanding The Difference Between DDR and EDR - GBHackers - Latest Cyber Security News | Hacker News

• Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)

• 3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)

• The history, evolution and current state of SIEM | TechTarget

• Attack Surface Management: Identify and protect the unknown - Help Net Security

• How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)

• Guide to Operationalizing Zero Trust (trendmicro.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

• Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)

• Intrusion Detection & Prevention Systems Guide (trendmicro.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

• Wi-Fi AP placement best practices and security policies | TechTarget

• For stronger public cloud data security, use defence in depth | TechTarget

Other News

• Growing reliance on satellites requires new approach to cyber security in space, expert says | CyberScoop

• White House Urged to Quickly Nominate National Cyber Director (darkreading.com)

• The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)

• Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop

• Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security

• White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key

Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.

Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.

Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.

https://www.forbes.com/sites/deloitte/2023/04/20/navigating-the-future-of-cyber-business-strategy-cybersecurity-training-and-digital-transformation-are-key/?sh=1ab15c2c29c1

• Shadow IT, SaaS Pose Security Liability for Enterprises

There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.

A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.

To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.

https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises

• The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.

According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.

https://www.csoonline.com/article/3693754/the-strong-link-between-cyber-threat-intelligence-and-digital-risk-protection.html

• Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.

The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.

https://www.csoonline.com/article/3693260/weak-credentials-unpatched-vulnerabilities-malicious-oss-packages-causing-cloud-security-risks.html

• Over 70 Billion Unprotected Files Available on Unsecured Web Servers

A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.

The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.

Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

• Cyber Thieves Are Getting More Creative

Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.

Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.

https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative

• Modernising Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.

Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.

As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.

https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

• Two-thirds of Cyber Attacks Involve Ransomware

A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.

https://www.computerweekly.com/news/365535467/Almost-three-quarters-of-cyber-attacks-involve-ransomware

• Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).

Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.

https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/

• NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.

Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.

https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/

• Email Threat Report 2023: Key Takeaways

According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.

With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.

https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/

• 5 Most Dangerous New Attack Techniques

Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.

The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.

https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html  

• Many Public Salesforce Sites are Leaking Private Data

A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.

It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.

https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

Threats

Ransomware, Extortion and Destructive Attacks

• New coercive tactics used to extort ransomware payments - Help Net Security

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• Almost three-quarters of cyber attacks involve ransomware | Computer Weekly

• #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware | CyberScoop

• Tank storage company Vopak hacked, Ransomware groups report | NL Times

• Health insurer Point32Health suffered a ransomware attack-Security Affairs

• Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser

• US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack - Infosecurity Magazine (infosecurity-magazine.com)

• Arnold Clark braced for cyber payout (thetimes.co.uk)

• RSAC speaker offers ransomware victims unconventional advice | TechTarget

• How ransomware victims can make the best of a bad situation | TechTarget

• Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• CommScope employees left in the dark after ransomware attack | TechCrunch

Phishing & Email Based Attacks

• Email Threat Report 2023: Key Takeaways - IT Security Guru

• How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)

BEC – Business Email Compromise

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

2FA/MFA

• CrowdStrike details new MFA bypass, credential theft attack | TechTarget

• Phishing-resistant MFA shapes the future of authentication forms - Help Net Security

Malware

• Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)

• EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)

• Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)

• This evil malware disables your security software, then goes in for the kill | TechRadar

• Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

Mobile

• WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Botnets

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Denial of Service/DoS/DDOS

• New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)

• Top 15 DDoS Protection Best Practices - Security Boulevard

• 'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)

Internet of Things – IoT

• Government Agencies Release Blueprint for Secure Smart Cities - Infosecurity Magazine (infosecurity-magazine.com)

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

Data Breaches/Leaks

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Many Public Salesforce Sites are Leaking Private Data – Krebs on Security

• American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)

• CFPB Employee Sends 256,000 Consumers' Data to Personal Email - Infosecurity Magazine (infosecurity-magazine.com)

• American Bar Association (ABA) suffered a data breach-Security Affairs

• Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)

• Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)

• Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)

• Vantage Travel Experiences Data Security Incident (darkreading.com)

Organised Crime & Criminal Actors

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insider Risk and Insider Threats

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

Fraud, Scams & Financial Crime

• The IRS is sending four investigators across the world to fight cyber crime | TechCrunch

• How Startups Can Take Steps To Prevent Syphoning & Fraud

• US deploys more cyber forces abroad to help fight hackers | Reuters

• The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)

• The true numbers behind deepfake fraud - Help Net Security

• Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

AML/CFT/Sanctions

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

Insurance

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

Dark Web

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

Supply Chain and Third Parties

• Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached - IT Governance UK Blog

• Russian hackers exfiltrated data from from Capita over a week before outage | by Kevin Beaumont | Apr, 2023 | DoublePulsar

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED

• That 3CX supply chain attack keeps getting worse • The Register

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)

• A third-party’s perspective on third-party InfoSec risk management - Help Net Security

Software Supply Chain

• Securing Software Supply Chains Requires Outside-the-Box Thinking - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)

• GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)

• Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)

• How CISOs navigate security and compliance in a multi-cloud world - Help Net Security

• Cloud Complexity Means Bugs Are Missed in Testing - Infosecurity Magazine (infosecurity-magazine.com)

• Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free! (thehackernews.com)

• Security experts found a major bug in Google Cloud | TechRadar

• Most SaaS adopters exposed to browser-borne attacks - Help Net Security

• Cloud-native security metrics for CISOs | TechTarget

• Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)

• Google accounts attacked and hijacked by this devious security flaw | TechRadar

Containers

• Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)

• Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Attack Surface Management

• Over 70 billion unprotected files available on unsecured web servers - Help Net Security

• Study of past cyber attacks can improve organisations' defence strategies - Help Net Security

Shadow IT

• Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)

Identity and Access Management

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Combating Kubernetes — the Newest IAM Challenge (darkreading.com)

Open Source

• The double-edged sword of open-source software - Help Net Security

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security

• The War on Passwords Enters a Chaotic New Phase | WIRED

• A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)

Social Media

• Thousands of Social Media Takedowns Hit People Smugglers - Infosecurity Magazine (infosecurity-magazine.com)

• Metaverse Version of the Dark Web Could be Nearly Impenetrable (darkreading.com)

• Vietnamese Hackers Linked to 'Malverposting' Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Trojanized Installers Used to Distribute Bumblebee Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)

• 35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)

Training, Education and Awareness

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

Digital Transformation

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Cyber security in Finance: Protecting Your Digital Transformation | CSO Online

Parental Controls and Child Safety

• Tech giants and government have failed to stop child sex abuse online, says Sajid Javid (telegraph.co.uk)

Regulations, Fines and Legislation

• (ISC)2 Urges Countries to Strengthen Collaboration on Cyber security Regulation - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business

• The Tangled Web of IR Strategies (darkreading.com)

• The strong link between cyber threat intelligence and digital risk protection | CSO Online

• Cyber Thieves Are Getting More Creative (hbr.org)

• Organisations are stepping up their game against cyber threats - Help Net Security

• CISOs: unsupported, unheard, and invisible - Help Net Security

• The Relationship Between Security Maturity and Business Enablement | CSO Online

• CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• Good, Better And Best Security (informationsecuritybuzz.com)

• #RSAC: Organisations Warned About the Latest Attack Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)

• Cloud-native security metrics for CISOs | TechTarget

Models, Frameworks and Standards

• Small Business is a Big Priority: NIST Expands Outreach to the Small Business Community | NIST

• Are you ready for PCI DSS 4.0? - Help Net Security

Careers, Working in Cyber and Information Security

• UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)

• How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)

Law Enforcement Action and Take Downs

• To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop

• US to focus on stifling cyber attacks, not convictions • The Register

• US deploys more cyber forces abroad to help fight hackers | Reuters

• Effects of the Hive Ransomware Group Takedown (darkreading.com)

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• Hackers can find your home on Strava even if you use privacy settings, researchers find | Cycling Weekly

• Major US CFPB Data Breach Caused by Employee (darkreading.com)

Artificial Intelligence

• The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)

• From pope’s jacket to napalm recipes: how worrying is AI’s rapid growth? | Artificial intelligence (AI) | The Guardian

• Cyber security Survival: Hide From Adversarial AI (darkreading.com)

• AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)

• 5 most dangerous new attack techniques | CSO Online

• NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED

• The New Risks ChatGPT Poses to Cyber security (hbr.org)

• From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)

• ChatGPT fans need 'defensive mindset' to avoid scammers • The Register

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)

• Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch

• Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)

• The good, the bad and the generative AI • The Register

• Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• BCS Policy Jam : Cyberwar and Ukraine one year on | BCS

• FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop

• NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop

• #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official - Infosecurity Magazine (infosecurity-magazine.com)

• UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent

• Eurocontrol says website 'under attack' by pro-Russia crew • The Register

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

Nation State Actors

• APT Groups Expand Reach to New Industries and Geographies - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek

• North Korean hackers breach software firm in significant cyber attack | CNN Politics

• Western cyber security must advance to counter China's cyber space progress, says NCSC director (computing.co.uk)

• China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)

• NCSC raises alert on cyber threat to infrastructure | UKAuthority

• Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online

• DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)

• At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack - -Security Affairs-Security Affairs

• North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)

• APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)

• Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)

• North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies (darkreading.com)

• Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor (thehackernews.com)

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)

• US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek

• Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)

• Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline-Security Affairs

• Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)

• Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online

• A component in Huawei network appliances could be used to take down Germany’s telecoms networks-Security Affairs

• Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• Chinese hackers launch Linux variant of PingPull malware | CSO Online

• CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert

• Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)

Vulnerability Management

• Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks | CSO Online

• Modernizing Vulnerability Management: The Move Toward Exposure Management (thehackernews.com)

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Microsoft: Windows 10 22H2 is the final version of Windows 10 (bleepingcomputer.com)

Vulnerabilities

• New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)

• Flaw in Microsoft Process Explorer under active attack • The Register

• Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites (thehackernews.com)

• APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)

• Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)

• Security experts found a major bug in Google Cloud | TechRadar

• TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)

• Mozilla confirms memory leak in Firefox - gHacks Tech News

• SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek

• VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)

• Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks (thehackernews.com)

• Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)

• Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)

• PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek

• New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) | Bitsight

Tools and Controls

• Navigating The Future Of Cyber: Business Strategy, Cyber security Training, And Digital Transformation Are Key (forbes.com)

• Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security

• The Tangled Web of IR Strategies (darkreading.com)

• 14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)

• Six Key Considerations When Choosing a Web Application Firewall  - Security Boulevard

• The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)

• Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online

• GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch

• Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge

• The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)

• Rethinking the effectiveness of current authentication initiatives - Help Net Security

• Attack Surface Management Strategies (trendmicro.com)

• Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)

• Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)

• Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators | CSO Online

• CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security

• Generative AI and security: Balancing performance and risk - Help Net Security

• #RSAC: GPT-4 Empowers Cyber security Leaders to Make Smarter Risk Decisions - Infosecurity Magazine (infosecurity-magazine.com)

• SSL vs TLS: Which Should You Be Using? (trendmicro.com)

• CISA aims to reduce email threats with serial CDR prototype | TechTarget

• Top 15 DDoS Protection Best Practices - Security Boulevard

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

• AI Dominates RSA as Excitement and Questions Surround its Potential in Cyber security Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Email Threats - Discover the latest trends and stay one step ahead - VIPRE

Other News

• Falling Dwell Time May Be Down to Faster Threat Activity - Infosecurity Magazine (infosecurity-magazine.com)

• The threat from commercial cyber proliferation - NCSC.GOV.UK

• Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)

• Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)

• Attackers are logging in instead of breaking in - Help Net Security

• NCSC unveils data driven cyber security model | UKAuthority

• Hacker Group Names Are Now Absurdly Out of Control | WIRED

• 38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek

• Quad Countries Prepare For Info Sharing on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)

• Threat Actor Names Proliferate, Adding Confusion (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• NCSC Looks Back on Year Of ‘Profound Change’ for Cyber

The UK’s National Cyber Security Centre (NCSC) provided support for 18 nationally significant ransomware attacks; removed 2.1 million cyber-enabled commodity campaigns; issued 34 million early warning alerts about attacks, compromises, vulnerabilities or open ports; and received 6.5 million reports of suspicious emails in the past 12 months – but in a year of “profound change” in the cyber security landscape, it was Russia’s invasion of Ukraine that dominated the agenda.

Reflecting on the past 12 months as she launched the NCSC’s latest annual report on 1 November at an event in London, NCSC CEO Lindy Cameron said that the return of war to Europe with Russia’s invasion of Ukraine presented a unique set of challenges in cyber space for the NCSC and its partners and allies.

Cameron added that while the cyber threat from Russia has perhaps been the most visible security issue of 2022, it was also important not to forget that when it comes to nation-state actors, it will likely be the technical development and evolution of China that ultimately has the more lasting impact on the UK’s national cyber security.

https://www.computerweekly.com/news/252526766/NCSC-looks-back-on-year-of-profound-change-for-cyber

• LastPass Research Finds False Sense of Cyber Security Running Rampant

LastPass released findings from its fifth annual Psychology of Password findings, which revealed even with cyber security education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviours across the board. In addition, LastPass found that while 65% of all respondents have some form of cyber security education — through school, work, social media, books or via online courses — the reality is that 62% almost always or mostly use the same or variation of a password.

The survey, which explored the password security behaviours of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviours surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behaviour and can create a detrimental false sense of safety.

Key findings from the research include:

• Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene.

• Cyber security education doesn’t necessarily translate to action.

• Confidence creates a false sense of password security.

The latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyber attacks, there continues to be a disconnect for people when it comes to protecting their digital lives. Even though nearly two-thirds of respondents had some form of cyber security education, it is not being put into practice for varying reasons.

https://www.darkreading.com/vulnerabilities-threats/untitled

• Insurance Giant Settles NotPetya ‘Act of War’ Lawsuit, Signaling Cyber Insurance Shakeup

The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace.

Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.

Now, however, it’s increasingly clear insurers aren’t off the hook for NotPetya payouts or from covering losses from other attacks with clear links to nation-state hackers.

That’s because in this case, what Mondelez and many other corporations endured was not an act of war, but “collateral damage” in a much larger cyber conflict that had nothing to do with them, said the Center for Strategic and International Studies.

There needs to be a rethink what act of war means in cyber space when it comes to insurance. The current definitions come out of the 19th century when we had pirates, navies and privateers.

Last week’s ruling in favour of Mondelez follows a January ruling in a New Jersey court that sided with global pharmaceutical company Merck in a similar case. Its insurance companies initially refused to pay for damages from NotPetya. Merck claimed losses that amounted to $1.4 billion. The insurers are appealing the ruling.

Insurers seized on the NotPetya episode to test how courts would rule on cyber coverage questions, particularly when there’s so much evidence pointing to one particular nation-state actor. Since NotPetya was widely attributed to the Russian government it gave the industry a “really strong opportunity” to set legal precedent limiting their responsibility in these instances.

Insurers will start to be much more upfront about the fact that they aren’t going to cover acts of cyber war or limit payouts for NotPetya type incidents in the future.

https://www.cyberscoop.com/insurance-giant-settles-notpetya-lawsuit/

• Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.

The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditisation of that vulnerability," making it imperative that organisations patch such exploits in a timely manner.

This also corroborates with an April 2022 advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally.

Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.

It further accused Chinese state-sponsored groups of being "particularly proficient" at discovering and developing zero-day exploits. This has been compounded by the fact that the Cyberspace Administration of China (CAC) enacted a new vulnerability reporting regulation in September 2021 that requires security flaws to be reported to the government prior to them being shared with the product developers.

Redmond further said the law could enable government-backed elements to stockpile and weaponise the reported bugs, resulting in the increased use of zero-days for espionage activities designed to advance China's economic and military interests.

https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html

• Chinese Mob Has 100K Slaves Working in Cambodian Cyber Crime Mills

Up to 100,000 people from across Asia have been lured to Cambodia by Chinese crime syndicates with the promise of good jobs. When they arrive, their passports are seized and they are put to work in modern-day sweatshops, running cyber crime campaigns.

The Los Angeles Times reported that Cambodia, which was hit hard economically by the pandemic, has allowed Chinese mobsters to set up enormous cyber crime operations using human trafficked labour without consequence, because of the revenue it generates for the country. The campaigns they carry out run the gamut from romance scams to fake sports betting.

Although the Cambodian government acknowledges that as many as 100,000 workers are involved in these activities, it denies anyone is being held against their will. However, the stories from traumatised victims rescued from cyber crime mills include tales of beatings and torture for failing to meet quotas, and of being sold and passed around from gang to gang.

https://www.darkreading.com/attacks-breaches/chinese-mob-100k-slaves-cambodian-cybercrime-mills

• Ransomware Research: 17 Leaked Databases Operated by Threat Actors Threaten Third Party Organisations

Ransomware remains a serious threat to organisations, Deep Instinct, a New York-based deep learning cyber security specialist, said in its recently released 2022 Interim Cyber Threat Report.

It’s no surprise, the company said, as there are currently 17 leaked databases operated by threat actors who are leveraging the data for attacks on third-party companies, most notably social engineering, credential theft, and triple-extortion attacks.

Here are the report’s key findings:

• Changes in ransomware gangs, including LockBit, Hive, BlackCat, and Conti. The latter has spawned “Conti Splinters” made up of former affiliates Quantum, BlackBasta, and BlackByte.

• Significant changes to tactics by Emotet, Agent Tesla, NanoCore, and others. For example, Emotet uses highly obfuscated VBA macros to avoid detection.

• The use of documents for malware has decreased as the top attack vector, following Microsoft’s move to disable macros by default in Microsoft Office files. Threat actors have already pivoted to other methods such as LNK, HTML, and archive email attachments.

• Vulnerabilities such as SpoolFool, Follina and DirtyPipe highlighted the exploitability of both Windows and Linux systems despite efforts to enhance their security.

• The number of exploited in-the-wild vulnerabilities spikes every 3-4 months. The next spike is expected to occur by the end of the year.

• Threat actor groups are extending data exfiltration attacks to demand ransoms from third-party companies if the leaked data contains their sensitive information.

The report also makes three predictions:

• More inside jobs. Malicious threat actors look for the weakest link, which is often in the supply chain. Groups like Lapsus$ do not rely on exploits but instead look for insiders who are willing to sell access to data within their organisation.

• Rise of protestware. Look for a spike in protestware, which is self-sabotaging one’s software and weaponising it with malware capabilities in an effort to harm all or some of its users. The war between Russia and Ukraine has caused a surge in protestware.

• End of year attacks. While no major vulnerability in 2022 has emerged similar to the Log4J or the Exchange cases in 2021, there is an increase year-over-year in the number of publicly assigned CVEs for reported vulnerabilities. For now, threat actors are still exploiting old vulnerabilities during 2022 simply because there is a plethora of unpatched systems for 2021 CVEs but that will change.

Organisations are warned to be on their guard. 2022 has been another record year for cyber criminals and ransomware gangs. It’s no secret that these threat actors are constantly upping their game with new and improved tactics designed to evade traditional cyber defences. Defenders must continue to be vigilant and find new approaches to prevent these attacks from happening.

https://www.msspalert.com/cybersecurity-research/ransomware-research-17-leaked-databases-operated-by-threat-actors-threaten-third-party-organizations/

• Ransomware: Not Enough Victims Are Reporting Attacks, And That's a Problem for Everyone

Ransomware continues to be a significant cyber threat to businesses and the general public – but it's difficult to know the true impact of attacks because many victims aren't coming forward to report them.

The warning comes in the National Cyber Security Centre (NCSC) Annual Review for 2022, which looks back at key developments and incidents in cyber crime over the last year, with ransomware described as an "ever present" threat and a "major challenge" to businesses and public services.

That's demonstrated by how the review details how in the 12-month period between 1 September 2021 and 31 August 2022 there were 18 ransomware incidents that needed a "nationally coordinated" response. These included attacks on a supplier to the National Health Service (NHS) and a ransomware attack against South Staffordshire Water.

However, the true impact of ransomware remains unclear, because the NCSC says that many organisations that fall prey to ransomware attacks aren't disclosing them.

That lack of reporting is despite the significant and disruptive consequences ransomware attacks can have, not only for organisations that fall victim, but for wider society – which is why it's vital that cyber security is taken seriously and incidents are reported.

https://www.zdnet.com/article/ransomware-not-enough-victims-are-reporting-attacks-and-that-increases-the-threat-for-everyone/

• Hackers Selling Access to 576 Corporate Networks for $4 Million

A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fuelling attacks on the enterprise.

The research comes from Israeli cyber-intelligence firm KELA which published its Q3 2022 ransomware report, reflecting stable activity in the sector of initial access sales but a steep rise in the value of the offerings.

Although the number of sales for network access remained about the same as in the previous two quarters, the cumulative requested price has now reached $4,000,000. For comparison, the total value of initial access listings in Q2 2022 was $660,000, recording a drop in value that coincided with the summer ransomware hiatus that hurt demand.

Initial access brokers (IABs) are hackers who sell access to corporate networks, usually achieved through credential theft, webshells, or exploiting vulnerabilities in publicly exposed hardware. After establishing a foothold on the network, the threat actors sell this corporate access to other hackers who use it to steal valuable data, deploy ransomware, or conduct other malicious activity. The reasons IABs choose not to leverage network access vary, ranging from lacking diverse intrusion skills to preferring not to risk increased legal trouble.

IABs still play a crucial role in the ransomware infection chain, even if they got sidelined last year when big ransomware gangs that operated as crime syndicates operated their own IAB departments.

https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/

• Cyber Security Recovery is a Process That Starts Long Before a Cyber Attack Occurs

Organisations are racing to stay ahead of cyber criminals, and as a result, we see businesses investing a lot of money on identifying and detecting attacks, on preventing attacks in the first place, and in responding to live attacks. But they are not spending the same amounts on attack recovery. They may have followed all the relevant guidelines, and even implemented the ISO 27000 standard, but none of that helps them to understand how to build the business back after a serious cyber attack.

Until recent years, this cyber security recovery investment would be spent on an annual tabletop exercise or disaster recovery test and auditing recovery plans. While this should be done, it isn’t enough on its own.

Cyber security insurance is also critical, of course, but it only covers some of the losses. It won’t cover future loss. The reality is most organisations find it very difficult to fully recover from an attack. Those that invest more in disaster recovery and business continuity recover from these attacks far more swiftly than their less-prepared competitors.

The four core components of an effective cyber security recovery program

1. Pre-emptive action

2. Responsibilities and accountability

3. Having the right IT architecture, security and recovery process in place

4. Learning lessons and implementing changes.

Once these factors are understood, and any weak spots identified, the organisation can focus on re-designing or updating architecture and procedures, and on retraining employees (something that should happen regularly).

Recovery is a process that starts long before a cyber attack occurs. It concludes not when the data is secured, but when the organisation can say that it’s learned everything it can from the event and has made the changes necessary to avoid it happening again.

https://www.helpnetsecurity.com/2022/11/03/cybersecurity-recovery/

• Geopolitics Plays Major Role in Cyber Attacks, Says EU Cyber Security Agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organisations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report, this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, notes that in general geopolitical situations continue to have a high impact on cyber security.

This year's report identified several attack types frequently used by state-sponsored attackers. These include zero-day and critical vulnerability exploitation; attacks on operational technology (OT) networks; wiper attacks to destroy and disrupt networks of governmental agencies and critical infrastructure entities; and supply chain attacks. Attacks also featured social engineering, disinformation, and threats against data.

State-sponsored threat actors have also been observed targeting entities from countries in Southeast Asia, Japan, Australia, and Taiwan. Due to increased tensions between specific countries in Asia, state-sponsored threat actors have targeted countries (including EU member states) that had established closer ties with Taiwan.

Ransomware remains the top cyber crime attack type this year as well. More than 10 terabytes of data were stolen monthly during the period studied, with phishing identified as the most common initial vector of such attacks. The report also noted that 60% of affected organisations likely have paid the ransom demanded.

The second most used form of attack was DDoS. The largest DDoS attack ever was launched in Europe in July 2022 against a European customer of Akamai. The attack hit a peak at 853.7Gbps and 659.6Mpps (megapackets per second) over 14 hours.

While all sectors fell victim to attacks, public administration and government entities were the most affected, making up 24% of all cyber attack victims. This was followed by digital service providers at 13% and the general public at 12%. These three sectors alone accounted for 50% of all the attacks during this year.

https://www.csoonline.com/article/3678771/geopolitics-plays-major-role-in-cyberattacks-says-eu-cybersecurity-agency.html#tk.rss_news

• Russian Hackers Account for Most 2021 Ransomware Schemes, US Says

Payment-seeking software made by Russian hackers was used in three quarters of all the ransomware schemes reported to a US financial crime agency in the second half of 2021, a Treasury Department analysis released on Tuesday showed.

In an analysis issued in response to the increase in number and severity of ransomware attacks against critical infrastructure in the United States since late 2020, the US Financial Crimes Enforcement Network (FinCEN) said it had received 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% jump from the year before.

Out of 793 ransomware incidents reported to FinCEN in the second half of 2021, 75% "had a nexus to Russia, its proxies, or persons acting on its behalf," the report said.

Washington last week hosted a meeting with officials from 36 countries and the European Union, as well as 13 global companies to address the growing threat of ransomware and other cyber crime, including the illicit use of cryptocurrencies.

https://www.reuters.com/technology/us-says-many-ransomware-attacks-late-2021-were-connected-russian-actors-2022-11-01/

• Exposed: The Global Hacking Network That Targets VIPs

Private investigators linked to the City of London are using an India-based computer hacking gang to target British businesses, government officials and journalists.

The Sunday Times and the Bureau of Investigative Journalism have been given access to the gang’s database, which reveals the extraordinary scale of the attacks. It shows the criminals targeted the private email accounts of more than 100 victims on behalf of investigators working for autocratic states, British lawyers and their wealthy clients. Critics of Qatar who threatened to expose wrongdoing by the Gulf state in the run-up to this month’s World Cup were among those hacked.

It is the first time the inner workings of a major “hack-for-hire” gang have been leaked to the media and it reveals multiple criminal conspiracies. Some of the hackers’ clients are private investigators used by major law firms with bases in the City of London.

The investigation — based on the leaked documents and undercover work in India — reveals:

• Orders went out to the gang to target the BBC’s political editor Chris Mason in May, three weeks after his appointment was announced.

• The president of Switzerland and his deputy were targeted just days after he met Boris Johnson and Liz Truss in Downing Street to discuss Russian sanctions.

• Philip Hammond, then chancellor, was hacked as he was dealing with the fallout of Russia’s novichok poisonings in Salisbury.

• A private investigator hired by a London law firm acting for the Russian state ordered the gang to target a British-based oligarch fleeing President Putin.

• Michel Platini, the former head of European football, was hacked shortly before he was due to talk to French police about corruption allegations relating to this year’s World Cup.

• The hackers broke into the email inboxes of the Formula One motor racing bosses Ruth Buscombe, the British head of race strategy at the Alfa Romeo team, and Otmar Szafnauer, who was chief executive of the Aston Martin team.

• The gang seized control of computers owned by Pakistan’s politicians, generals and diplomats and eavesdropped on their private conversations apparently at the behest of the Indian secret services.

The commissioning of hacking is a criminal offence punishable with a maximum sentence of ten years in jail in Britain. The Metropolitan Police was tipped off about the allegations regarding Qatar in October last year, yet chose not to take any action. David Davis, the former cabinet minister, said that the force should reopen its investigation into the cyber attacks against British citizens. Davis said the investigation exposed how London has become “the global centre of hacking”.

https://www.thetimes.co.uk/article/exposed-the-global-hacking-network-that-targets-vips-nff67j67z

Threats

Ransomware and Extortion

• Wannacry, the hybrid malware that brought the world to its knees. Let’s not forget! - Security Affairs

• International Counter Ransomware Initiative 2022 Joint Statement | The White House

• Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)

• Extortion fears after hacker stole patient files from Dutch mental health clinics (bitdefender.com)

• Ransomware activity and network access sales in Q3 2022 - Security Affairs

• Ransomware costs top $1 billion as White House inks new threat-sharing initiative - CyberScoop

• Stopping C2 communications in human-operated ransomware through network protection - Microsoft Security Blog

• FIN7 Cyber crime Group Likely Behind Black Basta Ransomware Campaign (darkreading.com)

• Everything You Need to Know About LockBit (darkreading.com)

• Yanluowang ransomware gang goes dark after leaks (techtarget.com)

• LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs

• Ransomware cost US banks $1.2 billion last year • The Register

• Australia sees rise in cyber crimes on back of 'destructive' ransomware, state actors | ZDNET

• Listed car dealer Pendragon has ‘contained’ cyber attack – but new deadline for data release issued by hackers – Car Dealer Magazine

• Hackers Target Australian Defense Communications Platform With Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct - Infosecurity Magazine (infosecurity-magazine.com)

• BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider - Security Affairs

• Australian Defence Department Impacted In Ransomware Attack (informationsecuritybuzz.com)

• LockBit ransomware gang claims the hack of the Continental automotive group - Security Affairs

• Cyber attack Strikes Global Copper Conglomerate (darkreading.com)

• ALMA Observatory shuts down operations due to a cyber attack (bleepingcomputer.com)

• Osaka Hospital Halts Services After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Outmanoeuvring cyber criminals by recognizing mobile phishing threats’ telltale markers - Help Net Security

• Robin Banks phishing service returns to steal banking accounts (bleepingcomputer.com)

• Attackers leverage Microsoft Dynamics 365 to phish users - Help Net Security

• Phishers Abuse Microsoft Voicemail Service to Trick Users - Infosecurity Magazine (infosecurity-magazine.com)

• CISA Urges Organisations to Implement Phishing-Resistant MFA | SecurityWeek.Com

• 130 private Dropbox GitHub repos copied after phish attack • The Register

• As Twitter brings on $8 fee, phishing emails target verified accounts (bleepingcomputer.com)

BEC – Business Email Compromise

• New Crimson Kingsnake gang impersonates law firms in BEC attacks (bleepingcomputer.com)

• Double-check those demand-payment emails from law firms • The Register

Malware

• RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (bleepingcomputer.com)

• The Emotet botnet has returned with a vengeance | TechRadar

• Emotet botnet starts blasting malware again after 4 month break (bleepingcomputer.com)

• Drinik banking malware returns: Things you can do to keep your data safe | Mint (livemint.com)

• Hacking group abuses antivirus software to launch LODEINFO malware (bleepingcomputer.com)

• This stealthy hacking campaign uses a new trick to deliver its malware | ZDNET

• Cranefly threat group uses innocent-looking info-stealer • The Register

• 250+ US news sites spotted spreading FakeUpdates malware in a supply-chain attack - Security Affairs

• New Azov data wiper tries to frame researchers and BleepingComputer

• Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware (bleepingcomputer.com)

• Inside Raccoon Stealer V2 (thehackernews.com)

Mobile

• Android Apps With a Million Downloads Led Users to Phishing Sites - Infosecurity Magazine (infosecurity-magazine.com)

• US govt employees exposed to mobile attacks from outdated Android, iOS (bleepingcomputer.com)

• Samsung Galaxy Bug Secretly Let Hackers Install Apps on Targeted Devices (informationsecuritybuzz.com)

• Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)

• Malicious dropper apps on Play Store totaled 30.000+ installations - Security Affairs

• New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)

Internet of Things – IoT

• IoT devices can undermine your security. Here are four ways to boost your defences | ZDNET

• Understanding The Importance Of Cyber Resilience In Smart Buildings - IT Security Guru

Data Breaches/Leaks

• Royal Mail customer data leak shutters online Click and Drop • The Register

• Vodafone Italy discloses data breach after reseller hacked (bleepingcomputer.com)

• LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs

• Dropbox discloses breach after hacker stole 130 GitHub repositories (bleepingcomputer.com)

• Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK - Infosecurity Magazine (infosecurity-magazine.com)

• Experian tool exposed partial Social Security numbers, putting customers at risk - CyberScoop

• Label Giant Multi-Color Corporation Discloses Data Breach | SecurityWeek.Com

• Bed Bath & Beyond Discloses Data Breach to SEC (darkreading.com)

Organised Crime & Criminal Actors

• US Hacker Group Indicted For Million-Dollar RICO Conspiracy - Infosecurity Magazine (infosecurity-magazine.com)

• Four-year cyber crime campaign targeting African banks netted $30 million - CyberScoop

• French-speaking crooks stole $30m in bank cyber-heist spree • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New clipboard hijacker replaces crypto wallet addresses with lookalikes (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Fraudulent Instruction Losses Spike in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Former Apple worker pleads guilty to $17m fraud charges • The Register

Insurance

• Mondelez, Zurich settle $100m+ NotPetya insurance lawsuit • The Register

Dark Web

• German cops arrest student in dark-web marketplace bust • The Register

Supply Chain and Third Parties

• NCSC issues fresh guidance following recent rise in supply chain cyber attacks – Intelligent CISO

• Hundreds of US news sites push malware in supply-chain attack (bleepingcomputer.com)

Software Supply Chain

• You can up software supply chain security by implementing these measures - Help Net Security

• W4SP Stealer Stings Python Developers in Supply Chain Attack (darkreading.com)

Denial of Service DoS/DDoS

• FBI: Hacktivist DDoS attacks had minor impact on critical orgs (bleepingcomputer.com)

• CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS Attacks are Upgrading 70% with The Help of CLDAP (analyticsinsight.net)

Cloud/SaaS

• Why Identity & Access Management Governance is a Core Part of Your SaaS Security (thehackernews.com)

• Top 4 priorities for cloud data protection - Help Net Security

• Zscaler's Cloud-Based Cyber security Outages Showcase Redundancy Problem (darkreading.com)

API

• Why Are Zombie APIs and Shadow APIs So Scary? (darkreading.com)

Open Source

• Last Years Open Source - Tomorrow's Vulnerabilities (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Air New Zealand warns of an ongoing credential stuffing attack - Security Affairs

Social Media

• As Twitter brings on $8 fee, phishing emails target verified accounts (bleepingcomputer.com)

Training, Education and Awareness

• Can You Nudge Employees Toward Better Cyber security? New Research Says Yes (darkreading.com)

Travel

• Data capture by border agencies can and will happen – are your on-the-road employees prepared? | CSO Online

Regulations, Fines and Legislation

• ICO Slashes Government Data Breach Fine - Infosecurity Magazine (infosecurity-magazine.com)

• SolarWinds reaches $26m settlement, expects SEC action • The Register

• How to Prepare for New SEC Cyber security Disclosure Requirements | SecurityWeek.Com

Careers, Working in Cyber and Information Security

• How Microsoft works to grow the next generation of cyber defenders - Microsoft Security Blog

• Economic Uncertainty Isn't Stopping Cyber crime Recruitment — It's Fueling It (darkreading.com)

• How to Narrow the Talent Gap in Cyber security (darkreading.com)

• Is there a problem with stress and burnout in cyber security? - IT Security Guru

• A Third of Security Leaders Considering Quitting Their Current Role - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• German cops arrest student in dark-web marketplace bust • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russia has declared hybrid war on Britain (telegraph.co.uk)

• Will cyber saber-rattling drive us to destruction? - Help Net Security

• British cyber warriors defend Ukraine | News | The Times

• No.10 WhatsApp Use Is Critical Danger To Security (informationsecuritybuzz.com)

• Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)

• Cyber Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)

• New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)

• Russian missile strikes overshadow cyber attacks as Ukraine reels from blackouts | CNN Politics

Nation State Actors

Nation State Actors – Russia

• Liz Truss 's phone was allegedly hacked by Russian spies - Security Affairs

• MPs 'constantly' warned their phones are national security risk (telegraph.co.uk)

• US Treasury thwarted attack by Russian hacker group last month-official | Reuters

• Russia tries to impose switch to Linux from Windows (freethink.com)

• Ukraine war: British spies playing key role in defending Kyiv from Russian cyber attacks | UK News | Sky News

Nation State Actors – China

• China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor (darkreading.com)

• Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (thehackernews.com)

Nation State Actors – Misc

• Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics (darkreading.com)

Vulnerability Management

• The most frequently reported vulnerability types and severities - Help Net Security

• Last Years Open Source - Tomorrow's Vulnerabilities (thehackernews.com)

• Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics (darkreading.com)

Vulnerabilities

• The OpenSSL security update story – how can you tell what needs fixing? – Naked Security (sophos.com)

• Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers | SecurityWeek.Com

• Fortinet fixed 16 vulnerabilities, 6 rated as high severity - Security Affairs

• Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products | SecurityWeek.Com

• You Need to Update Google Chrome, Windows, and Zoom Right Now | WIRED UK

• The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical (darkreading.com)

• Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product | SecurityWeek.Com

• OpenSSL downgrades horror bug after week of speculation • The Register

• Follina Exploit Leads to Domain Compromise (thedfirreport.com)

• Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers (darkreading.com)

Reports Published in the Last Week

• NCSC Annual Review 2022 - NCSC.GOV.UK

• Microsoft Digital Defense Report 2022 | Microsoft Security

• Psychology of Passwords 2022: Proactive Cyber security - LastPass

• APT trends report Q3 2022 | Securelist

• Attack Surface Management 2022 Midyear Review Part 3 (trendmicro.com)

• 2022 Cyber Threat Report Details Growing Trends | TechRepublic

• Volatile Geopolitics Shake the Trends of the 2022 Cyber security Threat Landscape — ENISA (europa.eu)

Other News

• Meet fundamental cyber security needs before aiming for more - Help Net Security

• NCSC Issued 34 Million Cyber Alerts in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• Multi-factor authentication fatigue can blow open security • The Register

• WiFi security flaw lets a drone track devices through walls | Engadget

• Now That EDR Is Obvious, What Comes Next? (darkreading.com)

• The Art of Calculating the Cost of Risk (darkreading.com)

• Build Security Around Users: A Human-First Approach to Cyber Resilience (darkreading.com)

• The Role of Ethical Hacking in Cyber security (bolton.ac.uk)

• Top 10 Ethical Hacking Trends and Predictions for 2023 (analyticsinsight.net)

• British govt is scanning all Internet devices hosted in UK (bleepingcomputer.com)

• Red Cross Eyes Digital Emblem for Cyber space Protection | SecurityWeek.Com

• CISA releases cyber security performance goals to reduce risk and impact of adversarial threats | CSO Online

• Security hygiene and posture management requires new tools (techtarget.com)

• Most Online Shoppers Would Leave Retailer Following Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Offense Gets the Glory, but Defence Wins the Game | SecurityWeek.Com

• The 7 Core Pillars of a Zero-Trust Architecture (techtarget.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"

CyberEdge Group, a leading research and marketing firm serving the cyber security industry’s top vendors, announced the launch of its ninth annual Cyberthreat Defense Report (CDR). The award-winning CDR is the standard for assessing organisations’ security posture, gauging perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.

A record 71% of organisations were impacted by successful ransomware attacks last year, according to the 2022 CDR, up from 55% in 2017. Of those that were victimised, nearly two-thirds (63%) paid the requested ransom, up from 39% in 2017.

https://www.darkreading.com/attacks-breaches/nearly-two-thirds-of-ransomware-victims-paid-ransoms-last-year-finds-2022-cyberthreat-defense-report-

• New Android Banking Malware Remotely Takes Control of Your Device

A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.

Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cyber crime space and had its source code leaked in 2018.

The new variant has been discovered by researchers at ThreatFabric, who observed several users looking to purchase it on darknet forums.

https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/

• Network Intrusion Detections Skyrocketing

A WatchGuard report shows a record number of evasive network malware detections with advanced threats increasing by 33%, indicating a higher level of zero day threats than ever before.

Researchers detected malware threats in EMEA at a much higher rate than other regions of the world in Q4 2021, with malware detections per Firebox at 49%, compared to Americas at 23% and APAC at 29%. The trajectory of network intrusion detections also continued its upward climb with the largest total detections of any quarter in the last three years and a 39% increase quarter over quarter.

Researchers suggest that this may be due to the continued targeting of old vulnerabilities as well as the growth in organisations’ networks. As new devices come online and old vulnerabilities remain unpatched, network security is becoming more complex.

https://www.helpnetsecurity.com/2022/04/08/network-malware-detections/

• Organisations Underestimating the Seriousness of Insider Threats

Imperva releases data that shows organisations are failing to address the issue of insider threats during a time when the risk is at its greatest.

New research, conducted by Forrester, found that 59% of incidents in EMEA organisations that negatively impacted sensitive data in the last 12 months were caused by insider threats, and yet 59% do not prioritise insider threats the way they prioritise external threats. Despite the fact that insider events occur more often than external ones, they receive lower levels of investment.

This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher. The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats.

Further, the Great Resignation is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, because they are disgruntled and want revenge, or it could be taken unintentionally when a careless employee leaves the business with important information.

https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/

• Watch Out for Phishing Emails from Genuine Mailing Lists, Following Mailchimp Hack

A Mailchimp hack means that you’ll want to be even more vigilant than usual about phishing emails. Attackers have taken a clever approach to making their emails appear genuine …

When you subscribe to an email list, there’s a decent chance that the emails you received are actually sent by a company called Mailchimp, rather than directly by the company itself. Mailchimp offers companies a range of tools that make it easy to manage email databases, and send marketing emails and newsletters.

Hackers managed to gain access to more than 100 Mailchimp customer accounts, giving them the ability to send emails that would appear to have come from any one of those businesses.

Users will need to be more vigilant when receiving emails and avoid clicking on links in emails, even if they appear genuine.

https://9to5mac.com/2022/04/05/mailchimp-hack-phishing-alert/

• SpringShell Attacks Target About One in Six Vulnerable Orgs

Roughly one out of six organisations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cyber security company.

The exploitation attempts took place in the first four days since the disclosure of the severe remote code execution (RCE) flaw, tracked as CVE-2022-22965, and the associated exploit code.

According to Check Point, who compiled the report based on their telemetry data, 37,000 Spring4Shell attacks were detected over the past weekend alone.

https://www.bleepingcomputer.com/news/security/springshell-attacks-target-about-one-in-six-vulnerable-orgs/

• New Threat Group Underscores Mounting Concerns Over Russian Cyber Threats

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyber attacks might target the West.

As fears mount over the prospects of a “cyberwar” initiated by the Russian government, the number of identified Russian threat actors also continues to climb. Last week CrowdStrike publicly revealed a Russia-nexus state-sponsored actor that it tracks as Ember Bear.

CrowdStrike says that Ember Bear (also known as UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is likely an intelligence-gathering adversary group that has operated against government and military organisations in eastern Europe since early 2021. The group seems “motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations,” according to CrowdStrike intelligence.

Despite its state-sponsored Russia nexus, Ember Bear differs from its better-known kin such as Fancy Bear or Voodoo Bear because CrowdStrike can’t tie it to a specific Russian organisation. Its target profile, assessed intent, and technical tactics, techniques, and procedures (TTPs) are consistent with other Russian GRU cyber operations.

https://www.csoonline.com/article/3655976/new-threat-group-underscores-mounting-concerns-over-russian-cyber-threats.html

• Consumer Fraud Tripled in The Last Two Years

Reported cases of consumer fraud more than tripled in the years 2020-2021 from prior years, finds a new report by Accenture, presenting a growing challenge for public safety agencies to find new strategies to counter the trend.

The report compiled data from eight developed nations (Australia, Canada, France, Germany, Italy, Singapore, the United Kingdom, and the United States) on consumer fraud, defined as any fraud directly targeting citizens and excluding fraud targeting government agencies and companies. Reports of such fraud increased at an estimated 6.8% rate annually during 2013-2019 and then increased to a 22.5% annual growth rate yearly during 2020-2021 in parallel with the large shift of workers and consumers to digital channels and greater use of technology during the pandemic.

https://www.helpnetsecurity.com/2022/04/08/consumer-fraud-tripled/

• Borat RAT: Multiple Threat of Ransomware, DDoS and Spyware

A new remote access trojan (RAT) dubbed "Borat" doesn't come with many laughs but offers bad actors a menu of cyberthreats to choose from.

RATs are typically used by cyber criminals to get full control of a victim's system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features to enable hackers to run ransomware, distributed denial of service attacks (DDoS) and other online assaults and to install spyware, according to researchers at cyber security biz Cyble.

"The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers.

Borat – named after the character made famous by actor Sacha Baron Cohen in two comedy films – comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.

https://www.theregister.com/2022/04/04/borat-rat-ransomware-ddos/

• Bank Had No Firewall License, Intrusion or Phishing Protection – Guess the Rest

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.

The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 branches and just under $400 million of deposits make it one of India's smaller banks.

It certainly thinks small about security – at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021. At least one of those mails succeeded in fooling staff, resulting in the installation of a Remote Access Trojan (RAT).

Another technology the bank had chosen not to adopt was virtual LANs, so once the RAT went to work the attackers gained entry to the Bank's systems and were able to roam widely – even in its core banking application

https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/

• Global APT Groups Use Ukraine War for Phishing Lures

Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links.

Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.

The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war.

One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.”

Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point.

One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war.

https://www.infosecurity-magazine.com/news/global-apt-ukraine-war-phishing/

• Paying Ransom Doesn’t Guarantee Data Recovery

OwnBackup announced the findings of a global survey conducted by Enterprise Strategy Group (ESG) that reveals a staggering 79% of respondent organisations have been targeted by ransomware within the past 12 months. Of those organisations, nearly three quarters said the attack was successful, meaning that it disrupted business operations.

Other key findings

·       Of the respondents that said their organisation paid a cyber ransom to regain access to data, applications, and/or systems after an attack, only 14% were able to recover all of their data.

·       87% of respondents who made ransom payments said that they experienced additional extortion attempts beyond the initial ransomware demand.

·       31% of respondent organisations targeted by ransomware indicated that application user and permission misconfigurations were the initial point of compromise.

·       87% of respondents are very or somewhat concerned about their backups being infected by ransomware attacks.

https://www.helpnetsecurity.com/2022/04/07/organizations-targeted-by-ransomware/

Threats

Ransomware

• March Ransomware Attacks Strike Finance, Government Targets (techtarget.com)

• Why Paying The Ransom Isn’t The Answer For Ransomware Victims - Information Security Buzz

• Companies Are More Prepared to Pay Ransoms Than Ever Before (tripwire.com)

• Conti Ransomware Deployed in IcedID Banking Trojan Attack (techtarget.com)

• Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (thehackernews.com)

• Notorious Hacking Group FIN7 Adds Ransomware to Its Repertoire - CyberScoop

• BlackCat Purveyor Shows Ransomware Operators Have 9 Lives (darkreading.com)

• FIN7 Hackers Evolve Toolset, Work with Multiple Ransomware Gangs (bleepingcomputer.com)

• LockBit Ransomware Attack Costs CRM Services Provider Over $42 Million - MSSP Alert

• Snap-on Discloses Data Breach Claimed by Conti Ransomware Gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• Phishing Hook: Are you on the line? Cyber Security Experts Explain How the Criminals Lure You In. (winknews.com)

Other Social Engineering

• Hackers Employ Voicemail Phishing Attacks On WhatsApp Users | TechRepublic

Malware

• Borat RAT Malware: A 'Unique' Triple Threat That Is Far from Funny | ZDNet

• Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware (thehackernews.com)

• Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (thehackernews.com)

• Malicious Web Redirect Service Infects 16,500 Sites to Push Malware (bleepingcomputer.com)

• Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (thehackernews.com)

Mobile

• 44 Vulnerabilities Patched in Android With April 2022 Security Updates | SecurityWeek.Com

• Fake Versions of Real Smartphone Apps Are Being Used To Spread Malware. Here's How to Stay Safe | ZDNet

• Samsung Security Flaw Left Phones Exposed for Years (androidpolice.com)

• Six 'Antivirus' Apps Were Caught Spreading Malware That Steals Banking Info — Here Are the Culprits | Laptop Mag

• SharkBot Android Malware Continues Popping Up on Google Play | SecurityWeek.Com

• Android Apps With 45 Million Installs Used Data Harvesting SDK (bleepingcomputer.com)

• New Android Spyware Uses Turla-Linked Infrastructure | SecurityWeek.Com

Organised Crime & Criminal Actors

• Cyber Criminals Taking Advantage of The Ukraine Crisis To Create Charity Donation Scams - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking

• Crypto 2022: Hackers Have Nabbed $1.22 Billion Already (yahoo.com)

• Malicious Crypto Miners Can Make A Profit In A Few Hours - Help Net Security

• Malicious Actors Targeting the Cloud For Cryptocurrency-Mining Activities - Help Net Security

• Cryptocurrency-Mining AWS Lambda-Specific Malware Spotted • The Register

• MailChimp Breached, Intruders Conducted Phishing Attacks Against Crypto Customers - Security Affairs

• Turkey Seeks 40,000-Year Sentences for Alleged Cryptocurrency Exit Scammers | ZDNet

Insider Risk and Insider Threats

• New Insider Threat: Bad Business Decisions That Put IP At Risk | CSO Online

Fraud, Scams & Financial Crime

• Traditional Identity Fraud Losses Soar, Totalling $52 Billion in 2021 - Help Net Security

• Online Fraud Up 233% - Infosecurity Magazine

• Internal Auditors Stepping Up to Become Strategic Advisors In The Fight Against Fraud - Help Net Security

• South African and US Officers Swoop on Fraud Gang - Infosecurity Magazine

Insurance

• 18% Of the Top 99 Insurance Carriers Have A High Susceptibility To Ransomware - Help Net Security

Supply Chain

• The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains (darkreading.com)

Cloud

• The Importance of Understanding Cloud Native Security Risks - Help Net Security

• 15 Cyber Security Measures for the Cloud Era - Security Affairs

Privacy

• How You’re Still Being Tracked on the Internet - The New York Times (nytimes.com)

• Using Google's Chrome Browser? This New Feature Will Help You Fix Your Security Settings | ZDNet

Passwords & Credential Stuffing

• Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks (thehackernews.com)

Travel

• Hotels In Hackers’ Sights as Technology Replaces Personal Touch | Financial Times (ft.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers Use Conti's Leaked Ransomware to Attack Russian Companies (bleepingcomputer.com)

• Hacking Group Claim It Has Leaked More Than 900,000 Emails from Russian State Media | The Independent

• What Is the Risk Of Retaliation For Taking A Corporate Stance on Russia? | CSO Online

• Anonymous and the IT ARMY of Ukraine Continue to Target Russian Entities - Security Affairs

Nation State Actors

Nation State Actors – Russia

• The Russian Cyber Attack Threat Might Force a New IT Stance | Computerworld

• FBI Operation Aims to Take Down Massive Russian GRU Botnet | TechCrunch

• Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine (darkreading.com)

• FBI Disrupts Russian Military Hackers, Preventing Botnet Amid Ukraine War | Fox News

• Russia (still) Trying To Weaponize Facebook Amid Ukraine War • The Register

Nation State Actors – China

• Symantec: Chinese APT Group Targeting Global MSPs | SecurityWeek.Com

• Chinese Hackers Are Using VLC Media Player to Launch Malware Attacks (androidpolice.com)

• Hacked: Inside the US-China Cyberwar | Cybersecurity | Al Jazeera

• China Uses AI Software to Improve Its Surveillance Capabilities | Reuters

Nation State Actors – Misc

• Israeli Officials Are Being Catfished by APT-C-23 Hackers | ZDNet

Vulnerabilities

• CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (thehackernews.com)

• Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug (bleepingcomputer.com)

• A Vulnerability in Zyxel Firewall Could Allow for Authentication Bypass (cisecurity.org)

• Citrix Releases Security Updates for Hypervisor | CISA

• Spring4Shell Patching Is Going Slow but Risk Not Comparable To Log4Shell | CSO Online

• VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products (thehackernews.com)

• Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego | SecurityWeek.Com

• A Mirai-Based Botnet Is Exploiting the Spring4Shell Vulnerability - Security Affairs

• Steady Rise in Severe Web Vulnerabilities - Help Net Security

• ACF WordPress Plugin Vulnerability Affects Up To +2 Million Sites (searchenginejournal.com)

• Zero Days Are for Life, Not Just For Christmas. Here’s How to Deal With Them • The Register

Sector Specific

Financial Services Sector

• March Ransomware Attacks Strike Finance, Government Targets (techtarget.com)

FinTech

• Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform - IT Security Guru

Health/Medical/Pharma Sector

• 49% of Small Medical Practices Lack a Cyber Attack Response Plan - Help Net Security

Manufacturing

• A Cyber Attack Forced The Wind Turbine Manufacturer Nordex Group To Shut Down Some of IT Systems - Security Affairs

CNI, OT, ICS, IIoT and SCADA

• Europe Warned About Cyber Threat to Industrial Infrastructure | SecurityWeek.Com

• BlackCat Ransomware Targets Industrial Companies | SecurityWeek.Com

Energy & Utilities

• Spanish Energy Giant Hit by Data Breach - IT Security Guru

Reports Published in the Last Week

• Cyberthreat Defense Report 2021 - CyberEdge Group (cyber-edge.com)

Other News

• Okta CEO Says Lapsus$ Hack is 'Big Deal,' Aims to Restore Trust (yahoo.com)

• 86% of Developers Don't Prioritise Application Security - Help Net Security

• Digital Transformation Requires Security Intelligence - Help Net Security

• Government Officials: AI Threat Detection Still Needs Humans (techtarget.com)

• The Original APT: Advanced Persistent Teenagers – Krebs on Security

• Scan This: There's Danger in QR Codes (darkreading.com)

• How Many Steps Does It Take for Attackers To Compromise Critical Assets? - Help Net Security

• Cyber Talent Shortage Remains A Top Problem For Sec Pros – CEO Perspective - Information Security Buzz

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021

Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.

https://www.darkreading.com/attacks-breaches/corporate-networks-saw-50-more-attacks-per-week-in-2021-

Cyber Attacks Against MSPs Jump 67%

Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.

In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.

https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/

SMEs Still An Easy Target For Cyber Criminals

Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.

In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.

This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.

https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/

World Economic Forum: Cyber Security Failures an Increasing Global Threat

Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).

Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.

Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years

https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.

The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.

"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.

In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html

North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says

North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.

Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.

The attacks mainly targeted investment firms and centralised exchanges.

North Korea has routinely denied being involved in hack attacks attributed to them.

"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.

https://www.bbc.co.uk/news/business-59990477

No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare

Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.

"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."

"Organisations need to begin preparing," Hultquist added.

Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.

In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.

https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/

Ukrainian Police Arrest Five Members Of Ransomware Affiliate

Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.

In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.

US and UK law enforcement officials worked with Ukrainian officials on the operation.

Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.

One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.

The bank card details were used to buy things online that were then resold.

https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/

Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry

The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.

According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.

The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.

They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.

https://www.zdnet.com/article/fingers-point-to-lazarus-cobalt-fin7-as-key-hacking-groups-focused-on-finance-industry/

Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For

The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.

In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.

How can financial organisations protect themselves from existing threats and combat new ones at the same time?

https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/

Threats

Ransomware

• Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times

• One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs

• Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO

• Inside a Ransomware Hit at Nordic Choice Hotels - WSJ

• Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar

• Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)

• Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop

Phishing

• Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet

• Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security

• Hackers Exploiting Microsoft Exchange Server Vulnerabilities in Enterprise Phishing Campaigns - MSSP Alert

• Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost

Malware