Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

• 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

• Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

• Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

• AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

• Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

• Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

• BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

• CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

• UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

• Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks

Threats

Ransomware, Extortion and Destructive Attacks

• Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online

• Ransomware gangs display ruthless extortion tactics in April | TechTarget

• Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert

• Ransomware review: May 2023 (malwarebytes.com)

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report - Infosecurity Magazine (infosecurity-magazine.com)

• The new ransomware strain is picking off big businesses one by one - and yours could be next | TechRadar

• Refined methodologies of ransomware attacks - Help Net Security

• Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop

• Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)

• Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News

• Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)

• New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)

• New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking

• Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)

• $1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek

• Western Digital store offline due to March breach - Help Net Security

• Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek

• Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)

• Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)

• Australian software giant won’t say if customers affected by hack | TechCrunch

• Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)

• Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band's songs -Security Affairs

Phishing & Email Based Attacks

• Q1 Cofense Phishing Intelligence Report - Cofense

• "Greatness" Phishing Tool Exploits Microsoft 365 Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• This dangerous phishing attack is targeting Microsoft users everywhere, so be on your guard | TechRadar

• Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

BEC – Business Email Compromise

• Exploring the Rise of Israel-Based BEC Attacks | Abnormal (abnormalsecurity.com)

2FA/MFA

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

Malware

• Chrome users, stay alert: Malware may be just one click away - gHacks Tech News

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• Millions of mobile phones come pre-infected with malware • The Register

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Mobile

• Millions of mobile phones come pre-infected with malware • The Register

• Mobile hacking and spyware – understanding the risks - TechHQ

• Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)

• Google Improves Android Security With New APIs - SecurityWeek

• New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)

• Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads (thehackernews.com)

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

Botnets

• Bad Bots Now Account For 30% of All Internet Traffic - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Internet of Things – IoT

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

Data Breaches/Leaks

• Security researcher finds trove of Capita data exposed online | TechCrunch

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• Why the 'Why' of a Data Breach Matters (darkreading.com)

• OpenAI confirms ChatGPT data breach (cshub.com)

• Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

• Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)

• 1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek

• Twitter admits 'security incident' broke Circle privacy • The Register

• Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)

• Simplify data hack cost the firm almost £7m - Property Industry Eye

Organised Crime & Criminal Actors

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• How hackers are recruiting on the dark web (thetimes.co.uk)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Briton pleads guilty in US to 2020 Twitter hack - BBC News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek

• UK cops score another legal win in EncroChat spying case • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Exploit Hardware Wallet to Steal Almost $30,000 - Infosecurity Magazine (infosecurity-magazine.com)

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Insider Risk and Insider Threats

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

Fraud, Scams & Financial Crime

• Banks warn of big increase in online scams - BBC News

• Fraud victims risk more than money - Help Net Security

• Five Things Scammers Are Hoping You Google (lifehacker.com)

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

• QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

Insurance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• Court Rules in Favour of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyber attack - SecurityWeek

Dark Web

• How hackers are recruiting on the dark web (thetimes.co.uk)

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

Supply Chain and Third Parties

• Security researcher finds trove of Capita data exposed online | TechCrunch

• Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

Software Supply Chain

• The SBOM Bombshell - SecurityWeek

• 5 SBOM tools to start securing the software supply chain | TechTarget

Cloud/SaaS

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• How to reduce risk with cloud attack surface management | TechTarget

• ENISA leans into EU clouds with draft cyber security label • The Register

Hybrid/Remote Working

• 8 habits of highly-secure remote workers | ZDNET

Attack Surface Management

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Identity and Access Management

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

• Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online

• Why the FTX Collapse Was an Identity Problem (darkreading.com)

Asset Management

• CISOs confront mounting obstacles in tracking cyber assets - Help Net Security

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Encryption

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

API

• Google Improves Android Security With New APIs - SecurityWeek

Open Source

• India bans open source messaging apps on security grounds • The Register

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)

• Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)

Social Media

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Parental Controls and Child Safety

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• AI needs superintelligent regulation | Financial Times

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• India bans open source messaging apps on security grounds • The Register

• PEGA committee calls for EU level regulation of spyware • The Register

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

• ENISA leans into EU clouds with draft cyber security label • The Register

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

Governance, Risk and Compliance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Company executives can't afford to ignore cyber security anymore - Help Net Security

• Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online

• Small- and medium-sized businesses: don’t give up on cyber security | CSO Online

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cyber security in Business Success (darkreading.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Why more transparency around cyber attacks is good for everyone - NCSC

• CISOs face mounting pressures, expectations post-pandemic | TechTarget

• CISOs' confidence in post-pandemic security landscape fades - Help Net Security

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT - SecurityWeek

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

• Key Trends and Insights from RSAC 2023 (trendmicro.com)

• NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• ENISA leans into EU clouds with draft cyber security label • The Register

Data Protection

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

Careers, Working in Cyber and Information Security

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• 7 ways to mitigate CISO liability and risk | TechTarget

• Google Launches New Cyber security Analyst Training Program - SecurityWeek

Law Enforcement Action and Take Downs

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Briton pleads guilty to hacking stars' Twitter accounts to steal Bitcoin | Science & Tech News | Sky News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• UK cops score another legal win in EncroChat spying case • The Register

Privacy, Surveillance and Mass Monitoring

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Artificial Intelligence

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop

• ‘A race it might be impossible to stop’: how worried should we be about AI? | Artificial intelligence (AI) | The Guardian

• OpenAI confirms ChatGPT data breach (cshub.com)

• AI needs superintelligent regulation | Financial Times

• Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)

• Your voice could be your biggest vulnerability - Help Net Security

• The security and privacy risks of large language models - Help Net Security

• Rethinking democracy for the age of AI | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NCSC and allies expose Snake malware threat - NCSC.GOV.UK

• It’s being called Russia's most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous? (theconversation.com)

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Mobile hacking and spyware – understanding the risks - TechHQ

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• PEGA committee calls for EU level regulation of spyware • The Register

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica

Nation State Actors

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries - Infosecurity Magazine (infosecurity-magazine.com)

• Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon (theconversation.com)

• Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• LinkedIn shuts service in China, lays off employees | Fortune

• Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Beijing raids consultancy firm Capvision, promises more • The Register

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry (thehackernews.com)

• SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA

Vulnerability Management

• The Problem of Old Vulnerabilities — and What to Do About It (darkreading.com)

Vulnerabilities

• Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)

• Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) - Help Net Security

• Microsoft warns of two bugs under active exploit • The Register

• Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget

• New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyber attacks (thehackernews.com)

• Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs

• Azure API Management flaws highlight server-side request forgery risks in API development | CSO Online

• New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)

• A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs

• SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs

Tools and Controls

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent attackers from using legitimate tools against you - Help Net Security

• Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts (thehackernews.com)

• How to implement principle of least privilege in Azure AD | TechTarget

• How to start handling Azure network security | TechTarget

• What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

• AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

• 5 SBOM tools to start securing the software supply chain | TechTarget

• The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

Reports Published in the Last Week

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• Q1 Cofense Phishing Intelligence Report - Cofense

• 2023 AT&T Cyber security Insights Report: Edge Ecosystem (darkreading.com)

• 2023 Voice of the CISO | Proofpoint UK

Other News

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Why Should You Take IT Security Seriously? - IT Security Guru

• To enable ethical hackers, a law reform is needed - Help Net Security

• How datacentre operators can fend off cyber attacks | Computer Weekly

• US Advances Cyber Defences Since Colonial Pipeline Attack But More Work Remains, CISA Director Says - MSSP Alert

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

• 'Windows for Gamers' Rolls Dice With Your Security (vice.com)

• Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats

In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – the mission is to make the UK the safest place to live and work online, but they have said they cannot do it alone. 

Now, at a time of heightened cyber threats, the NCSC is urging all organisations to follow their advice on the steps they should take to improve their resilience.

The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.

Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.

And as tensions have risen in Ukraine in recent weeks, authorities have already seen a number of cyber attacks occurring. On Friday evening, the UK government judged that the Russian Main Intelligence Directorate (GRU) was involved in last week’s distributed denial of service attacks against the financial sector in Ukraine.

If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the National Cyber Security Centre (NCSC) has said that the UK’s cyber risk has heightened in the last month, although there is no evidence of the UK being specifically targeted.

https://www.telegraph.co.uk/news/2022/02/19/uk-organisations-should-protect-now-unintended-consequences/

Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device

BlackBerry's 2022 Threat Report highlights growing threats to SMBs, calls on government to make cyber security top priority

BlackBerry Limited has released the 2022 BlackBerry Annual Threat Report, highlighting a cybercriminal underground which it says has been optimised to better target local small businesses. Small businesses will continue to be an epicentre for cybercriminal focus as SMBs facing upward of 11 cyber threats per device per day, which only stands to accelerate as cybercriminals increasingly adopt collaborative mindsets.

The report also uncovered cyber breadcrumbs from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour.  In multiple incidents BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground.

https://www.itsecurityguru.org/2022/02/15/small-businesses-facing-upwards-of-11-cyberthreats-per-day-per-device/

Microsoft Teams Targeted With Takeover Trojans

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.

Researchers began tracking the campaign in January, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.

Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.

Cyber criminals long have targeted Microsoft’s ubiquitous document-creation and sharing suite – the legacy Office and its cloud-based version, Office 365 – with attacks against individual apps in the suite such as PowerPoint as well as business email compromise and other scams.

Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals.

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine

The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting them to step up defences.

The news was reported by Reuters, citing two unnamed sources. The ECB pointed out that addressing cyber security is a top priority for the European agency.

“The European Central Bank is telling euro zone banks zone to step up their defences against cyber attacks, also in the context of geopolitical tensions such as the stand-off between Russia and Ukraine, the ECB’s top supervisor said on Thursday.” reported Reuters.

ECB warned that the rising risk from cyber attacks begun in 2020.

https://securityaffairs.co/wordpress/128004/breaking-news/european-central-bank-warns-russia-cyberattacks.html

Companies Face Soaring Prices For Cyber Insurance

The cost of cyber insurance has risen steeply over the past year. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent. That has increased pressure on companies who are facing cost inflation in other parts of their business.

The steep hikes in the cost of cyber insurance come against a backdrop of rising prices more broadly. According to Marsh, commercial insurance prices rose 13 per cent in the final quarter of 2021.

The hardening market from reduced capacity allied with increasing cyber fraud are potent forces. Pricing becomes more challenging, reinsurance appetite reduced whilst costs increasing and fraudsters have as much access to the latest technologies as do enterprises, the government sector and the insurance industry.

There may be limits to what insurers can cover. Speaking to the Financial Times last week the chief executive of Zurich said: “A connected economy offers lots of opportunities for cyber attacks.” A major cyber risk, he added, “is something only governments can manage”.

Companies will have to do more themselves to fight cyber fraud with technology partners. Meanwhile brokers and insurers must review underwriting data and practices and government raise effectiveness at prosecuting criminals.

https://www.ft.com/content/60ddc050-a846-461a-aa10-5aaabf6b35a5

Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best

A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks.

A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.

The research analyzed data from over 3,800 days’ worth of penetration testing services. These tests are a means of identifying vulnerabilities within an organisation’s security systems by simulating how malicious actors would seek to exploit such shortcomings.

https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/

Ransomware-Related Data Leaks Nearly Doubled in 2021: Report

There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.

The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.

The growth and impact of big game hunting in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.

https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report

Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most

An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.

Alongside this, it identified that one in four new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.

From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before.

Your digital identity is a currency for fraudsters and wherever there is online commerce, cyber criminals are quick to identify vulnerabilities.

https://www.helpnetsecurity.com/2022/02/14/fake-consumer-account/

Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math

Poor cyber security hygiene is widely considered to be a major influencing factor for exposure to a ransomware attack. But is that an accurate assessment?

In a new study, RiskRecon, a security best practices specialist, investigated 600+ cyber hijacks to determine if companies victimized by a “detonation” had poor cyber security hygiene at the time and which factors, such as web encryption, application security and email security, are key gaps in coverage.

The answer: Cyber security hygiene does in fact play a large role in an organisation’s vulnerability to a ransomware attack. RiskRecon analyzed the cyber security hygiene on the day of ransomware incident for 622 organisations spanning 633 ransomware events occurring between 2017 and 2021. Based on a comparison population of cyber security ratings and assessments of some 100,000 entities, companies that have very poor cyber security hygiene in their internet-facing systems (a ‘D’ or ‘F’ RiskRecon rating) have about a 40 times higher rate of destructive ransomware events as compared to those with clean cyber security hygiene. Only .03 percent of ‘A-rated’ companies were victims of a destructive ransomware attack, compared with 1.08 percent of ‘D-rated’ and 0.91 percent of ‘F-rated’ companies.

The cyber security conditions underlying the RiskRecon rating reveal just how poor the cyber security hygiene is of companies, on average, that fall victim to a material system-encrypting ransomware attack. For example, ransomware victims have an average of 11 material software vulnerabilities in their internet-facing systems, in comparison with only one issue in the general population. Looking at network services that criminals commonly exploit, ransomware victims expose 3.3 times more unsafe network services to the internet than the general population.

https://www.msspalert.com/cybersecurity-research/poor-security-hygiene-organisations-and-ransomware-attacks-painful-math/

Security Teams Expect Attackers to Go After End Users First

Phishing, malware, and ransomware have spurred organisations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.

The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organisations to bolster their endpoint security defences. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.

Phishing, malware, and ransomware pose major threats to organisations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.

End users pose one of the biggest threats to the organisation, as 87% expect that if attackers wanted to steal the organisation’s data, they would begin by targeting a single end user.

Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.

https://www.darkreading.com/edge-threat-monitor/end-users-remain-one-of-the-biggest-headaches-in-it-security

US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks

President Biden said Friday he is convinced Russian President Vladimir Putin has decided to invade Ukraine and that he expects an attack in the coming days, with targets including the Ukrainian capital, Kyiv.

US officials said a Russian attack could involve a broad combination of jet fighters, tanks, ballistic missiles and cyberattacks, with the ultimate intention of rendering Ukraine’s leadership powerless.

The officials said Mr. Putin has laid the groundwork in recent days through a series of destabilizing activities and false-flag operations, long predicted by U.S. and allied officials and intended to make it look as if Ukraine has provoked Russia into a conflict, thus justifying the Russian invasion.

https://www.wsj.com/articles/ukraine-troops-told-to-exercise-restraint-to-avoid-provoking-russian-invasion-11645185631

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.

TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.

In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.

Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-control (C2) servers to retrieve fresh web injects.

https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html

Threats

Ransomware

• Ransomware’s Savage Reign Continues As Attacks Increase 105% - Help Net Security

• SonicWall CEO on ransomware: Every good vendor was hit in past 2 years - The Register

• Are You Prepared for 2022's More Destructive Ransomware? | SecurityWeek.Com

• CISA Advisory Cautions MSPs: Beware More Ransomware Attacks - MSSP Alert

• Conti Ransomware Gang Takes Over Trickbot Malware Operation (bleepingcomputer.com)

• Ransomware Gangs Are Changing Their Tactics. That Could Prove Very Expensive For Some Victims | ZDNet

• FBI Eyes Ransomware Profits With New Cryptocurrency Crimes Unit | TechCrunch

• FBI Warns BlackByte Ransomware Is Targeting US Critical Infrastructure | TechCrunch

• Ransomware Is A Clear And Present Danger. So Why Rely On Legacy DR To Recover From It? • The Register

BEC – Business Email Compromise

• FBI Warns of BEC Scams Abusing Virtual Meeting Platforms | SecurityWeek.Com

Phishing & Email

• LinkedIn Phishing Attacks Up 232% | Phishing | Egress

• Half Of All Emails In 2021 Were Spam- IT Security Guru

• Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks (thehackernews.com)

Malware

• Emotet Now Spreading Through Malicious Excel Files | Threatpost

• A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies - Check Point Research

• PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (thehackernews.com)

• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators | Threatpost

• 25 Years On, Microsoft Makes Another Stab At Stopping Macro Malware • Graham Cluley

• Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free - Infosecurity Magazine

Data Breaches/Leaks

• Millions of Internet Society Personal Files Exposed In Data Leak | Laptop Mag

Organised Crime & Criminal Actors

• 74% of Ransomware Revenue Goes to Russia-Linked Hackers - BBC News

• Interpol Must Change With Cyber Crime, Says Director • The Register

• Attackers Hone Their Playbooks, Become More Agile (darkreading.com)

• Cyber Criminals Have Changed Tactics (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• ‘Heist Of The Century’: US Bitcoin Case Tests Ability To Crack Down On Cyber Crime | Law (US) | The Guardian

• SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise - WSJ

• FBI Says Crypto Payments Are a 'Huge Challenge' Amid Rise in Ransomware Attacks - Decrypt

Insider Risk and Insider Threats

• The Rise Of The Super Malicious Insider: Yes, We Need To Worry - Help Net Security

• Finance Officer Jailed After Stealing £200,000 from Charity - Infosecurity Magazine

• Ex IT Tech Jailed For Wiping School Network During Lockdown • The Register

Fraud, Scams & Financial Crime

• Barclays: Scams Surged in Final Quarter of 2021 - Infosecurity Magazine

• Fraud and Scam Activity Hits All-Time High - Help Net Security

• Soaring Losses Accelerate Investments In Anti-Fraud Tech - Help Net Security

• Threat Actors Still Love a Romance Scam - Infosecurity Magazine

• Singapore Introduces Strong Measures To Stop Online Scams • The Register

• 7 Tips for How To Spot a Scammer and Protect Yourself | Well+Good

DoS/DDoS

• Ukraine Defence and Bank Networks DDoS-ed - Infosecurity Magazine

• Carpet Bombing Attacks on the Rise - Infosecurity Magazine

Nation State Actors

• Russia’s Offensive Cyber Actions Should Be A Cause For Concern For CISOs | CSO Online

• Russia Stole US Defense Data From IT Systems, Says CISA • The Register

• Cyber Security: These Countries Are The New Hacking Threats To Fear As Offensive Campaigns Escalate | ZDNet

• Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (thehackernews.com)

• Chinese MI6 Informant Gave Information To MPs About Huawei Threat | Huawei | The Guardian

• Red Cross Attributes Server Breach To Nation-State Actor - CyberScoop

• Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (thehackernews.com)

Cloud

• Report: 63% of IT Pros Say Cyber Threats Are Top Obstacle To Cloud Adoption Strategy | VentureBeat

• EU Watchdog To Probe Public Sector's Love Affair With Cloud • The Register

Privacy

• Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case (thehackernews.com)

Spyware, Espionage & Cyber Warfare

• How a Russia Cyber Attack On The UK Would Target Online Shopping, Card Payments And NHS Records (inews.co.uk)

• The Conflict In Ukraine Proves Cyber-Attacks Are Now Weapons Of War (thenextweb.com)

• Cyber, War and Ukraine: What Does Recent History Teach Us To Expect? | Science & Tech News | Sky News

• Cyber Warfare In Ukraine Poses A Threat To The Global System | Financial Times (ft.com)

• EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware (thehackernews.com)

• More Polish Opposition Figures Found To Have Been Targeted By Pegasus Spyware | Poland | The Guardian

• Using Mobile Networks For Cyber Attacks As Part Of A Warfare Strategy - Help Net Security

• Moses Staff Hackers Targeting Israeli Organisations for Cyber Espionage (thehackernews.com)

Vulnerabilities

• Squirrelwaffle, Microsoft Exchange Server Vulnerabilities Exploited For Financial Fraud | ZDNet

• Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails (thehackernews.com)

• New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (thehackernews.com)

• Multiple Vulnerabilities Put 40 Million Ubuntu Users At Risk | TechRadar

• Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (thehackernews.com)

• High-Severity Vulnerability Found in Apache Database System Used by Major Firms | SecurityWeek.Com

• VMware Fixes Holes That Could Allow Virtual Machine Escapes – Naked Security (sophos.com)

• Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (thehackernews.com)

• T2 Mac Security Vulnerability: Passwords Can Now Be Cracked - 9to5Mac

Sector Specific

Financial Services Sector

• Open Banking Innovation: A Race Between Developers And Cyber Criminals - Help Net Security

• Canada's Major Banks Go Offline In Mysterious Hours-Long Outage (bleepingcomputer.com)

Defence

• US Says Russian State Hackers Lurked In Defense Contractor Networks For Months | Ars Technica

Transport and Aviation

• Warning Over Mysterious Hackers That Have Been Targeting Aerospace And Defence Industries For Years | ZDNet

• Unskilled Hacker Linked To Years Of Attacks On Aviation, Transport Sectors (bleepingcomputer.com)

Energy & Utilities

• Energy, Oil And Utility Sector Most Likely To Pay Ransoms - Help Net Security

Reports Published in the Last Week

• 2022 Global Threat Report: A Year of Adaptability and Perseverance (crowdstrike.com)

• Threat Intelligence Report 2022: Cyber Security Priorities - Truesec

• The Year of Living Dangerously: Details from the BlackBerry 2022 Threat Report

Other News

• Over 28,000 Vulnerabilities Disclosed in 2021: Report | SecurityWeek.Com

• Web Application Firewalls (WAFs) Can't Give Organisations The Security They Need - Help Net Security

• How Challenging Is Corporate Data Protection? - Help Net Security

• Local Authority Sets Aside £380k for Cyber-Attack Recovery - Infosecurity Magazine

• Traditional MFA Is Creating A False Sense Of Security - Help Net Security

• Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry | Threatpost

• Be Flexible About Where People Work — But Not on Data Privacy (darkreading.com)

• Researchers Block “Largest Ever” Bot Attack - Infosecurity Magazine

• BadUSB: The Cyber Threat That Gets You To Plug It In – CloudSavvy IT

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.