Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

• Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

• Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

• UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

• HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

• The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

• 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

• 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

• Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

• Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

• network security (43%)

• backup infrastructure security (40%)

• endpoint security (39%)

• email security (36%)

• data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

• Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

• How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/

Threats

Ransomware and Extortion

• SonicWall: Ransomware down this year, but there’s a catch • The Register

• Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? | Health | The Guardian

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)

• How to detect Windows worm that now distributes ransomware • The Register

• Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)

• BlackByte ransomware affiliate also steals victims' data • The Register

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

• CISA warns of ransomware attacks on healthcare providers (techtarget.com)

• Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom | SecurityWeek.Com

• Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)

• Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)

• Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)

• Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)

• Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)

• Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)

• Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)

• Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)

Phishing & Email Based Attacks

• DHL Replaces LinkedIn As Most Imitated Brand in Phishing Attempts - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering attacks anybody could fall victim to - Help Net Security

• Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com

Malware

• Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)

• Types of cloud malware and how to defend against them (techtarget.com)

• Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – (informationsecuritybuzz.com)

• Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)

• Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)

Mobile

• Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (thehackernews.com)

• These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (thehackernews.com)

• Android Hacking Warning As Criminals Target TikTok And PayPal For (informationsecuritybuzz.com)

Internet of Things – IoT

• IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)

• IoT security strategy from enterprises using connected devices | Network World

• Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC | CSO Online

• Your CCTV devices can be hacked and weaponized - Help Net Security

• Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras | SecurityWeek.Com

Data Breaches/Leaks

• Thomson Reuters leaked at least 3TB of sensitive data | Cybernews

• See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)

• Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)

• Seven months after it found out, FamilySearch tells users their personal data has been breached • Graham Cluley

• Bed Bath & Beyond reviewing possible data breach | Reuters

Organised Crime & Criminal Actors

• Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)

• Interpol says metaverse opens up new world of cyber crime | Reuters

• From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Researchers uncover cryptojacking campaign targeting Docker, Kubernetes cloud servers | SC Media (scmagazine.com)

• Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register

• Cryptomining campaign abused free GitHub account trials (techtarget.com)

Insider Risk and Insider Threats

• New York Post hacked? No, the culprit is an employee - Security Affairs

Fraud, Scams & Financial Crime

• UK Anti-fraud Efforts Failing (informationsecuritybuzz.com)

• Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)

• Economic strife fuels cyber anxiety - Help Net Security

• LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)

• Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)

Insurance

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)

Dark Web

• Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)

• Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)

• Dark Web Forum Busts Come Days Apart (darkreading.com)

• British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs

Software Supply Chain

• Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (informationsecuritybuzz.com)

• How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• Consumer behaviours are the root of open source risk - Help Net Security

Denial of Service DoS/DDoS

• Key observations on DDoS attacks in H1 2022 - Help Net Security

• Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica

Cloud/SaaS

• Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)

• It’s time to prioritize SaaS security | InfoWorld

• Top Cloud Security Challenges & How to Beat Them (trendmicro.com)

• Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)

• Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

• Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)

Hybrid Working

• Balancing remote work privacy vs. productivity monitoring (techtarget.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Asset risk management: Getting the basics right - Help Net Security

Encryption

• New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)

• Can a new form of cryptography solve the internet’s privacy problem? | Data protection | The Guardian

API

• Thousands Of Publicly Exposed API Tokens Could Threaten Software Integrity (informationsecuritybuzz.com)

• Key API Security Principles And How To Implement Them (informationsecuritybuzz.com)

Open Source

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why it's time to expire mandatory password expiration policies (techtarget.com)

• Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica

Biometrics

• ICO Warns of "Immature" Biometric Tech - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)

• LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)

• Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)

• Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)

• Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos (bitdefender.com)

Regulations, Fines and Legislation

• UK Construction Biz Fined £4.4m for Serious Security Failings - Infosecurity Magazine (infosecurity-magazine.com)

• Australia Flags New Corporate Penalties for Privacy Breaches | SecurityWeek.Com

Data Protection

• What consumers expect from organisations that handle their personal data - Help Net Security

Law Enforcement Action and Take Downs

• Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too | ZDNET

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)

• Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)

• Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com

• Norway arrests man accused of being Russian spy - BBC News

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

Nation State Actors – Russia

• Russia says Starlink satellites could become military target • The Register

• Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

Nation State Actors – China

• Chinese spy duo charged in Huawei case as US condemns ‘egregious’ interference | China | The Guardian

• Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert

• Federal bans don't stop US states from buying Chinese kit • The Register

• Chinese Spies Indicted for Coercing Nationals Living in US to Return as Agents of the PRC - MSSP Alert

Nation State Actors – North Korea

• Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (thehackernews.com)

Nation State Actors – Iran

• Iranian government blames 'foreign country' for hack-and-leak of nuclear information - CyberScoop

Vulnerability Management

• Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited (bleepingcomputer.com)

• Protecting organisations by understanding end-of-life software risks - Help Net Security

Vulnerabilities

• OpenSSL to fix the second critical flaw ever - Security Affairs

• Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)

• Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)

• Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig (portswigger.net)

• Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)

• Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)

• 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)

• Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)

• Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)

• Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com

• Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security

• Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com

• VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs

• VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com

• Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs

Reports Published in the Last Week

• Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% (vadesecure.com)

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament

Other News

• Cyber Security Risks & Stats This Spooky Season (darkreading.com)

• Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)

• 8 hallmarks of a proactive security strategy | CSO Online

• Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)

• Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security

• Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)

• Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)

• Why dark data is a growing danger for corporations - Help Net Security

• Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months

More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.

https://www.zdnet.com/article/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months/

Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.

https://www.zdnet.com/article/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary/

The Most Significant Cyber Attacks From 2006-2020, By Country

Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/

The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020

While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.

https://www.computerweekly.com/opinion/The-shape-of-fraud-and-cyber-crime-10-things-we-learned-from-2020

Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?

When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.

https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks

US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security

Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.

https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/

Ransomware Attackers Are Now Using Triple Extortion Tactics

The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.

https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/

AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims

Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.

https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/

Cyber Security Experts Warn Over Online Wine Scams

Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.

https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/

Threats

Ransomware

• New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant

• Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms

• A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack

• MTR In Real Time: Pirates Pave Way For Ryuk Ransomware

• Ransomware Going For $4K On The Cyber Underground

• Foreign Secretary Issues Warning To Russia On Ransomware

• Anatomy Of A $2 Million Darkside Ransomware Breach

BEC

• Business Email Compromise Attack Targeted Dozens Of Orgs

Phishing

• Phishing Attacks Exploit Cognitive Biases, Research Finds

• AI Discovers A Complex Phishing Crypto Currency Scam Campaign

Other Social Engineering

• Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns

• She Responded To A Smishing Scam. Then The Spam Texts Got Worse.

Malware

• Emails Reveal 128 Million iOS Users Were Affected By ‘Xcodeghost’ Malware

Mobile

• A New Smishing Trojan Is Out And About

• New Android Malware Targeting Banks In Italy, Spain, Germany, Belgium, And The Netherlands

IOT

• How To Apply A Zero Trust Approach To Your IoT Solutions

• Troy Hunt At Black Hat Asia: ‘We’re Making It Very Difficult For People To Make Good Security Decisions’

Vulnerabilities

• Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits

• Patch Adobe Reader Now Or Risk A Major Security Attack

• WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'

• Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities

• Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks

Data Breaches

• Hackers release personal info of 22 DC Police officers

• Anatomy Of A $2 Million Darkside Ransomware Breach

Organised Crime & Criminal Actors

• Bulletproof Hosting Admins Plead Guilty To Running Cyber Crime Safe Haven

Supply Chain

• Rapid7 Source Code, Credentials Accessed In Codecov Supply-Chain Attack

Nation State Actors

• Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

• NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers

• NCSC, CISA publish new information on Russia’s Cozy Bear

Privacy

• Your Employer May Be Spying On You — Here Are 3 Ways To Stop It

Reports Published in the Last Week

• DDOS Attacks In Q1 2021

• Verizon 2021 Data Breach Investigations Report (DBIR)

Other News

• University Cancels Exams After Cyber Attack

• Your Old Mobile Phone Number Could Compromise Your Cyber Security

• Microsoft's New Security Feature Locks Hackers Out With GPS

• Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters

• Cyber Security And Compliance For Healthcare Organizations

• Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test

• Half Of Government Security Incidents Caused By Missing Patches

• 90% Of Security Leaders View Bot Management As A Top Priority

• 'Everyone Had To Rethink Security': What Microsoft Learned In Last Year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.