Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 March 2024
Black Arrow Cyber Threat Intelligence Briefing 15 March 2024:
-Mind The Gap - Mimecast Report Finds Humans Are Biggest Security Flaw
-Three-Quarters of Cyber Victim Are SMBs - Why SMBs are Becoming More Vulnerable
-Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
-UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
-Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
-Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
-Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
-Independent Cyber Security Audits Are Powerful Tools for Boards
-Navigating Cyber Security in The Era of Mergers
-Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw
A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.
No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.
Sources: [IT Security Guru] [Beta News] [Verdict]
Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable
According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.
The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.
Sources: [Infosecurity Magazine] [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]
Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.
Source: [TechRadar]
UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.
Source: [The Record Media]
Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.
Sources: [JDSupra]
Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.
Source:[ SC Media] [TechRadar]
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.
Source: [The Hacker News]
Independent Cyber Security Audits Are Powerful Tools for Boards
Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.
Source: [Bloomberg Law]
Navigating Cyber Security in The Era of Mergers
In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.
Source: [Forbes]
Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.
Sources: [Help Net Security] [Dark Reading]
Governance, Risk and Compliance
Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
Navigating Cyber Security In The Era Of Mergers (forbes.com)
SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)
Your tech tools won’t save you from cyber threats | TechRadar
The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
Threats
Ransomware, Extortion and Destructive Attacks
Sophos: Remote ransomware attacks on SMBs increasing | TechTarget
UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)
Understanding the multi-tiered impact of ransomware. (thecyberwire.com)
Ransomware tracker: The latest figures [March 2024] (therecord.media)
The effects of law enforcement takedowns on the ransomware landscape - Help Net Security
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar
StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)
Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica
Ransomware Victims
British Library’s legacy IT blamed for lengthy rebuild • The Register
British Library shares lessons from cyber attack | UKAuthority
Stanford University failed to detect intruders for 4 months • The Register
Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)
Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert
Play ransomware group stole 65,000 Swiss government files • The Register
Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)
Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)
Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
What is phishing? Examples, types, and techniques | CSO Online
Other Social Engineering
Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)
Your tech tools won’t save you from cyber threats | TechRadar
Artificial Intelligence
AI Poses Extinction-Level Risk, State-Funded Report Says | TIME
Cyber crime underworld has removed all the guardrails on AI frontier
Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)
Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)
Intelligence officials warn pace of innovation in AI threatens US | CyberScoop
How advances in AI are impacting business cyber security - Help Net Security
NCSC Blog - AI and cyber security: what you need to know (techuk.org)
4 types of prompt injection attacks and how they work | TechTarget
Former Google engineer charged with stealing AI trade secrets | TechTarget
How to craft a generative AI security policy that works | TechTarget
2FA/MFA
Malware
Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security
SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)
RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)
Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)
Mobile
Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard
SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)
PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)
Denial of Service/DoS/DDOS
French government sites disrupted by très grande DDOS • The Register
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR
DDoS attacks reach critical levels in 14 seconds | Security Magazine
Internet of Things – IoT
Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard
Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
Data Breaches/Leaks
Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra
Jersey regulator's data breach leaks names and addresses - BBC News
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)
Okta denies it was hacked again after data appears on hacking site | TechRadar
Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)
French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)
How to Identify a Cyber Adversary: What to Look For (darkreading.com)
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)
US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week
Insider Risk and Insider Threats
Insider threats can damage even the most secure organisations - Help Net Security
Your tech tools won’t save you from cyber threats | TechRadar
Former Google engineer charged with stealing AI trade secrets | TechTarget
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Insurance
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Supply Chain and Third Parties
Play ransomware group stole 65,000 Swiss government files • The Register
Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International
Cloud/SaaS
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
How Not to Become the Target of the Next Microsoft Hack (darkreading.com)
Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Cloud security vs. network security: What's the difference? | TechTarget
Encryption
Linux and Open Source
How to Ensure Open Source Packages Are Not Landmines (darkreading.com)
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)
Overcoming the threat of account takeover fraud (securitybrief.co.nz)
LastPass suffers worldwide outage causing site 404 error - 9to5Mac
Social Media
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Training, Education and Awareness
Your tech tools won’t save you from cyber threats | TechRadar
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Regulations, Fines and Legislation
Everything you need to know about the EU's Cyber Solidarity Act | ITPro
The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra
Models, Frameworks and Standards
4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Backup and Recovery
Data Protection
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
How do you lot feel about Pay or OK model, ICO asks Brits • The Register
Careers, Working in Cyber and Information Security
Half of firms struggling to hire cyber security experts (securitybrief.co.nz)
UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
How To Overcome The Machismo Problem In Cyber Security (forbes.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Lithuania security services warn of China's espionage against the country (securityaffairs.com)
Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
Russia
Microsoft says Russian hackers stole source code after spying on its executives - The Verge
Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)
Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)
Microsoft says it hasn't been able to evict Russian state hackers | AP News
Kremlin accuses US of plotting election-day cyber attack • The Register
Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC
First-ever South Korean national detained for espionage in Russia (securityaffairs.com)
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
North Korea
Vulnerability Management
How to Streamline the Vulnerability Management Life Cycle - Security Boulevard
Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
Vulnerabilities
Adobe Patches Critical Flaws in Enterprise Products - Security Week
Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week
Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)
Fortinet Releases Security Updates for Multiple Products | CISA
SAP Patches Critical Command Injection Vulnerabilities - Security Week
Cisco addressed severe flaws in its Secure Client (securityaffairs.com)
5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard
New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register
Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)
Threat actors breached two crucial systems of the US CISA (securityaffairs.com)
Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week
Tools and Controls
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)
Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Cloud security vs. network security: What's the difference? | TechTarget
Immutability: A boost to your security backup (betanews.com)
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
How teams can improve incident recovery time to minimize damages - Help Net Security
Reports Published in the Last Week
Other News
Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar
French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)
Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard
78% of MSPs state cyber security is a prominent IT challenge | Security Magazine
No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED
Maritime cyber security: threats and challenges - Port Technology International
What resources do small utilities need to defend against cyber attacks? | CyberScoop
10 free cyber security guides you might have missed - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 12 February 2024 – Fortinet FortiOS Vulnerability in SSL VPN
Black Arrow Cyber Advisory 12 February 2024 – Fortinet FortiOS Vulnerability in SSL VPN
Executive Summary
Fortinet have released a patch to fix a critical vulnerability in their FortiOS product, stating that is potentially being exploited in the wild. Successful exploitation of the vulnerability could allow a remote unauthorised attacker to execute code or commands.
What’s the risk to me or my business?
There is a risk that organisations using vulnerable versions of FortiOS are leaving themselves at risk of allowing an unauthenticated remote attacker to perform arbitrary code execution. This means an attacker could potentially gain unauthorised access and perform actions that could impact the confidentiality, integrity, and availability of the organisations data. This vulnerability only impacts organisations who have SSL VPN enabled.
The affected versions of FortiOS and FortiProxy are:
FortiOS
FortiOS 7.4 (7.4.0 through 7.4.2) – upgrade to 7.4.3 or above.
FortiOS 7.2 (7.2.0 through 7.2.6) – upgrade to 7.2.7 or above.
FortiOS 7.0 (7.0.0 through 7.0.13) – upgrade to 7.0.14 or above.
FortiOS 6.4 (6.4.0 through 6.4.14) – upgrade to 6.4.15 or above.
FortiOS 6.2 (6.2.0 through 6.2.15) – upgrade to 6.4.15 or above.
FortiOS 6.0 (all versions) - migrate to fixed release.
FortiProxy
FortiProxy 7.4 (7.4.0 through 7.4.2) - upgrade to 7.4.3 or above.
FortiProxy 7.2 (7.2.0 through 7.2.8) - upgrade to 7.2.9 or above.
FortiProxy 7.0 (7.0.0 through 7.0.14) - upgrade to 7.0.15 or above.
FortiProxy 2.0 (2.0.0 through 2.0.13) - upgrade to 2.0.14 or above.
FortiProxy 1.2 (all versions) - migrate to fixed release.
FortiProxy 1.1 (all versions) - migrate to fixed release.
FortiProxy 1.0 (all versions) - migrate to fixed release.
What can I do?
Black Arrow recommends applying the available patches for the vulnerability immediately due its severity. Further information can be found in the Fortigaurd security update below. Organisations have also been advised to disable SSL VPN if they cannot apply patches immediately, however this is not a long term solution.
Technical Summary
CVE-2024-2176 – This is a out-of-bound write vulnerability in the sslvpnd which may allow a remote unauthenticated attacker to execute arbitrary code or commands using specifically crafted HTTP requests.
Further information on the FortiOS vulnerability can be found here:
https://www.fortiguard.com/psirt/FG-IR-24-015
Further information on upgrading can be found here:
https://docs.fortinet.com/upgrade-tool
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 12 January 2024
Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:
-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
-Cyber Insecurity and Misinformation Top WEF Global Risk List
-Why Effective Cyber Security and Risk Management are Crucial for Business Growth
-The Cost of Dealing with a Cyber Attack Doubled Last Year
-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
-Mandiant, SEC Lose Control of X Accounts Without 2FA
-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
-Cyber Security is the Number One Priority for the Financial Sector Again
-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.
When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.
Sources: [Lexology] [Security Brief]
Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.
Sources: [Data Breaches] [UK mortgage news] [The Hacker News]
Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.
Source: [TechRadar]
Cyber Insecurity and Misinformation Top WEF Global Risk List
In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.
Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.
Source: [Infosecurity Magazine]
Why Effective Cyber Security and Risk Management are Crucial for Business Growth
Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.
Source: [World Economic Forum]
The Cost of Dealing with a Cyber Attack Doubled Last Year
New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.
Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.
Source: [TechRadar]
Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.
The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.
Source: [Security Week] [Dark Reading]
Mandiant, SEC Lose Control of X Accounts Without 2FA
While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.
In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.
Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.
Source: [Dark Reading]
If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling. Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.
Source: [Help Net Security]
82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.
Sources: [Infosecurity Magazine] [SecurityWeek]
Cyber Security is the Number One Priority for the Financial Sector Again
In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.
Sources: [The Fintech Times] [Islamic Finance News]
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.
Source: [Security Boulevard]
Governance, Risk and Compliance
If you prepare, a data security incident will not cause an existential crisis - Help Net Security
IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)
The cost of dealing with a cyber attack doubled last year | TechRadar
Board Priorities 2024: Cyber preparedness & resilience - Lexology
Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)
Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
The expanding scope of CISO duties in 2024 - Help Net Security
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
The power of basics in 2024's cyber security strategies - Help Net Security
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
Threats
Ransomware, Extortion and Destructive Attacks
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)
There is a Ransomware Armageddon Coming for Us All (thehackernews.com)
Ransomware victims targeted in follow-on extortion attacks • The Register
Swatting: The new normal in ransomware extortion tactics • The Register
Another top US mortgage firm hit by major cyber attack | TechRadar
Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Babuk ransomware decryptor updated with Tortilla support • The Register
"Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)
Ransomware payment ban: Wrong idea at the wrong time • The Register
Ransomware Victims
In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard
Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin
Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)
Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)
LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)
Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch
HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week
Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im
Ransomware wrecks Paraguay’s largest telco (databreaches.net)
Phishing & Email Based Attacks
Uncovering the hidden dangers of email-based attacks - Help Net Security
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
Female cyber pros group targeted in phishing scam | IT Business
Artificial Intelligence
Adapting Security to Protect AI/ML Systems (darkreading.com)
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Why Cyber Security Is Foundational To AI Safety (forbes.com)
FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)
The growing challenge of cyber risk in the age of synthetic media - Help Net Security
Securing AI systems against evasion, poisoning, and abuse - Help Net Security
Staying One Step Ahead of Hackers When It Comes to AI | WIRED
New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW
AI discovers that not every fingerprint is unique (techxplore.com)
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
2FA/MFA
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
Malware
A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Linux devices are under attack by a never-before-seen worm | Ars Technica
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Mobile
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
Internet of Things – IoT
Coming Soon to a Network Near You: More Shadow IoT - Security Week
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard
Surveyed drivers prefer low-tech cars over data-sharing ones • The Register
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
Data Breaches/Leaks
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch
Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)
Organised Crime & Criminal Actors
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard
Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Cryptocurrency community lost over $100 million last week (coinpaper.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED
Insider Risk and Insider Threats
Insurance
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Supply Chain and Third Parties
Cloud/SaaS
SaaS cyber crime levels are expected to rise this year - Digital Journal
Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
Identity and Access Management
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
What is credential stuffing and how do you keep your accounts safe from it (engadget.com)
Social Media
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)
Sexual assault in the metaverse investigated by British police • Graham Cluley
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)
Malvertising
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Regulations, Fines and Legislation
US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online
SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra
What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard
Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)
Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke
Models, Frameworks and Standards
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
Nation State Actors
China
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop
Bribed US Navy sailor sold secrets to China for just $14k • The Register
China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week
Russia
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)
Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register
Ukraine is on the front lines of global cyber security - Atlantic Council
Iran
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)
North Korea
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week
Young Britons exposed to online radicalisation following Hamas attack - BBC News
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Vulnerability Management
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week
Researchers develop technique to prevent software bugs - Help Net Security
Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard
Vulnerabilities
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)
Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)
Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week
KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)
Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)
CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week
Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
Tools and Controls
Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
APIs are increasingly becoming attractive targets - Help Net Security
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)
Other News
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)
A cyber attack hit the Beirut International Airport (securityaffairs.com)
Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop
Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)
6 of the biggest threats banks faced in 2023 | American Banker
US to hospitals: Meet security standards or no federal money • The Register
Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)
Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 December 2022
Black Arrow Cyber Threat Briefing 09 December 2022:
-Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime
-Cyber Security Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations
-Cyber Security Should Focus on Managing Risk
-Fear of Cyber Attacks Drives SMBs to Spend More on Software
-Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices
-Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold
-Automated Dark Web Markets Sell Corporate Email Accounts For $2
-Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack
-Security Concerns Scupper Deals for Two-Thirds of Firms
-Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime
Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.
It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.
“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”
https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/
Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations
Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.
Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).
These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).
With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.
Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.
Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.
Cyber Security Should Focus on Managing Risk
Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.
There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.
Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.
Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.
In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.
https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk
Fear of Cyber Attacks Drives SMBs to Spend More on Software
Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.
Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:
Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases
Implementation concerns are SMBs’ biggest purchase barrier
Most SMB software purchases are solely handled by IT, disregarding other important stakeholders
Customer reviews sway purchase decisions, and verified reviews are critical
Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.
https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/
Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.
“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).
BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.
Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.
Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.
https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/
Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold
Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.
In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.
The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.
Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.
The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.
“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.
Automated Dark Web Markets Sell Corporate Email Accounts For $2
Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.
The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.
Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.
Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.
Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack
Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.
While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.
"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."
Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:
Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)
Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls
Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.
Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.
Security Concerns Scupper Deals for Two-Thirds of Firms
Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.
The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.
Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.
There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.
Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.
https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/
Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks
Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.
"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."
In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.
The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Professionalization Grows as RaaS Takes Hold (darkreading.com)
Medibank share price slumps ahead of major shutdown and cyber security overhaul (fool.com.au)
Rackspace confirms ransomware behind days-long email outage • The Register
Vice Society: Profiling a Persistent Threat to the Education Sector (paloaltonetworks.com)
Wiper, Disguised as Fake Ransomware, Targets Russian Orgs (darkreading.com)
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
Rackspace rocked by ‘security incident’ in hosted Exchange • The Register
Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (thehackernews.com)
Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
South Pacific vacations may be wrecked by ransomware • The Register
Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks - IT Security Guru
Intersport Data Posted On Hive Dark Web Blog - Information Security Buzz
Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (thehackernews.com)
Education sector hit by Hive ransomware in November | TechTarget
Ransomware attack forces French hospital to transfer patients (bleepingcomputer.com)
CommonSpirit Health ransomware attack exposed data of 623,000 patients (bleepingcomputer.com)
Ransomware Gang Steals Employee and Customer Data From LJ Hooker (vice.com)
Phishing & Email Based Attacks
Rackspace warns of phishing risks following ransomware attack (bleepingcomputer.com)
Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)
Phishing scammers impersonate WhatsApp by buying a top ad spot on Google | PC Gamer
How to Recognize Phishing Emails: Cyber security Experts Give Advice - WSJ
Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)
Hardening Identities With Phish-Resistant MFA (darkreading.com)
'I had £8,000 stolen but Revolut won't refund it' - BBC News
Malware
Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)
Malware Authors Inadvertently Take Down Own Botnet (darkreading.com)
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines (darkreading.com)
Mobile
Code of practice for app store operators and app developers - GOV.UK (www.gov.uk)
Android malware apps with 2 million installs spotted on Google Play (bleepingcomputer.com)
Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian
Android malware infected 300,000 devices to steal Facebook accounts (bleepingcomputer.com)
Android December 2022 security updates fix 81 vulnerabilities (bleepingcomputer.com)
Telcom and BPO Companies Under Attack by SIM Swapping Hackers (thehackernews.com)
Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (thehackernews.com)
SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)
Compromised Android keys used to sign info-stealing malware • The Register
Largest mobile malware marketplace identified by Resecurity in the Dark Web - Security Affairs
Internet of Things – IoT
How IoT is changing the threat landscape for businesses - Help Net Security
What's the Matter with digital trust in smart home devices? - Help Net Security
Security Risks Found in Millions of XIoT Devices - Infosecurity Magazine (infosecurity-magazine.com)
Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com
Data Breaches/Leaks
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Personal data of 10,000 Australians found for sale online | 7NEWS
Stolen data of 600,000 Indians sold on bot markets so far - study | Reuters
Organised Crime & Criminal Actors
Of Exploits and Experts: The Professionalization of Cyber Crime (darkreading.com)
Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security
Automated dark web markets sell corporate email accounts for $2 (bleepingcomputer.com)
DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (bleepingcomputer.com)
BlackProxies proxy service increasingly popular among hackers (bleepingcomputer.com)
Chart: Cyber crime Expected To Skyrocket in Coming Years | Statista
Metaparasites: The cyber criminals who rip each other off • Graham Cluley
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (thehackernews.com)
Microsoft: Hackers target cryptocurrency firms over Telegram (bleepingcomputer.com)
UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)
North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Even cyber criminals fall for online scams: $2.5m last year • The Register
'I had £8,000 stolen but Revolut won't refund it' - BBC News
Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)
Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)
Cyber criminals are scamming each other, tipping off law enforcement - Help Net Security
Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)
SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)
Metaparasites: The cyber criminals who rip each other off • Graham Cluley
Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)
Deepfakes
AML/CFT/Sanctions
Insurance
What you should know when considering cyber insurance in 2023 | CSO Online
Cyber Insurance Policy Underwriting Explained (trendmicro.com)
Dark Web
Supply Chain and Third Parties
Antwerp's city services down after hackers attack digital partner (bleepingcomputer.com)
Transport And Shipping Beware – Supply Chains Under Attack - Information Security Buzz
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Software Supply Chain
Denial of Service DoS/DDoS
3 Types Of DDoS Attack Types You Should Care About - Information Security Buzz
Microsoft warning after DDoS attack disrupts Russian bank • The Register
Cloud/SaaS
Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)
How to implement least privilege access in the cloud | TechTarget
Hybrid/Remote Working
Encryption
WhatsApp raises threat of UK shutdown in encryption row (telegraph.co.uk)
Governments want to avert quantum's encryption apocalypse (axios.com)
API
Open Source
Ping of death! FreeBSD fixes crashtastic bug in network tool – Naked Security (sophos.com)
Research reveals where 95% of open source vulnerabilities lie - Help Net Security
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Taiwan bans state-owned devices from running TikTok • The Register
Critical Vulnerabilities Force Twitter Alternative Hive Social Offline | SecurityWeek.Com
Does Hive's Security Problem Make It Unsafe to Use? (lifehacker.com)
Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)
US States label TikTok a malicious and menacing threat • The Register
Training, Education and Awareness
Engage your employees with better cyber security training - Help Net Security
Lack of Cyber security Expertise Poses Threat for Public-Safety Orgs (darkreading.com)
4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)
What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)
Governance, Risk and Compliance
Cyber security Risk Management In The Real World - Information Security Buzz
Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security
Models, Frameworks and Standards
Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)
PCI Secure Software Standard 1.2 released - Help Net Security
How compliance leaders can encourage employees to report misconduct - Help Net Security
The changing role of the MITRE ATT@CK framework | CSO Online
Don't Wait to Become CMMC Compliant - Information Security Buzz
Three Ways to Improve Defence Readiness Using MITRE D3FEND | SecurityWeek.Com
Data Protection
Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)
How companies time data leak disclosures - Help Net Security
What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)
Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Apple Faces Critics Over Its Privacy Policies | SecurityWeek.Com
Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian
Apple announces new security and privacy measures amid surge in cyber-attacks | Apple | The Guardian
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NATO Readies for Cyber War: Simulation Shows Unified Front Against Attack - MSSP Alert
Microsoft warns of Russian cyber attacks throughout the winter (bleepingcomputer.com)
Microsoft warning after DDoS attack disrupts Russian bank • The Register
Russian Espionage APT Callisto Focuses on Ukraine War Support Organisations | SecurityWeek.Com
Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs (darkreading.com)
Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict (substack.com)
Nation State Actors
Nation State Actors – Russia
Microsoft encourages 'strong cyber hygiene' in light of increasing Russian cyber attacks | PC Gamer
Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier (thehackernews.com)
The surprising ineffectiveness of Russia’s cyber-war | The Economist
Nation State Actors – China
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (thehackernews.com)
Chinese hackers stole millions worth of US COVID relief money, Secret Service says | Reuters
Amnesty International Canada breached by suspected Chinese hackers (bleepingcomputer.com)
China Operates More Than 100 Secret 'Police Stations' Globally: Report (businessinsider.com)
US Congress rolls back proposal to restrict use of Chinese chips | Computerworld
Nation State Actors – North Korea
North Korean tech freelancers' earnings fund nukes, missiles • The Register
North Korean Hackers Spread AppleJesus Malware Disguised as Cryptocurrency Apps (thehackernews.com)
Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com
APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)
Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)
North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News
Nation State Actors – Iran
Vulnerabilities
Attackers take over expired domain to deliver web skimming scripts - Help Net Security
Google discovers Windows exploit framework used to deploy spyware (bleepingcomputer.com)
Cisco discloses high-severity IP phone bug with exploit code (bleepingcomputer.com)
Google Chrome emergency update fixes 9th zero-day of the year (bleepingcomputer.com)
Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com
For Cyber attackers, Popular EDR Tools Can Turn into Destructive Data Wipers (darkreading.com)
A new Linux flaw can be chained with other two bugs to gain full root privileges - Security Affairs
Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com
Google Chrome Flaw Added to CISA Patch List (darkreading.com)
Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com
Research reveals where 95% of open source vulnerabilities lie - Help Net Security
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)
Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)
APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)
WAFs of Several Major Vendors Bypassed With Generic Attack Method | SecurityWeek.Com
Google Chrome zero-day exploited in the wild (CVE-2022-4262) - Help Net Security
Sophos fixed a critical flaw in its Sophos Firewall version 19.5 - Security Affairs
Tools and Controls
Security pros feel threat detection and response workloads have increased - Help Net Security
Single Sign-on: It's Only as Good as Your Ability to Use It (darkreading.com)
Leveraging the full potential of zero trust - Help Net Security
Understanding malware analysis and its challenges | TechTarget
Using XDR to Consolidate and Optimize Cyber security Technology (thehackernews.com)
Reports Published in the Last Week
Other News
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet | SecurityWeek.Com
Where Advanced Cyber attackers Are Heading Next: Disruptive Hits, New Tech (darkreading.com)
43 Trillion Security Data Points Illuminate Our Most Pressing Threats (darkreading.com)
7 reasons why you must embed trust into the core of your business - Help Net Security
Risky online behaviour ‘almost normalised’ among young people, says study | Internet | The Guardian
Top 7 factors boosting enterprise cyber security resilience - Help Net Security
Machine Learning Models: A Dangerous New Attack Vector (darkreading.com)
Consumers want convenience without sacrificing security - Help Net Security
4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat
3 of the Worst Data Breaches in the World That Could Have Been Prevented - Security Affairs
Removing the Barriers to Security Automation Implementation | SecurityWeek.Com
Cyber security Should Focus on Managing Risk (darkreading.com)
Deal with sophisticated bot attacks: Learn, adapt, improve - Help Net Security
Want to detect Cobalt Strike? Look to process memory • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 October 2022
Black Arrow Cyber Threat Briefing 14 October 2022:
-Ransomware Report: Most Organisations Unprepared for an Attack, Lack Incident Playbook, Research Finds
-LinkedIn Scams, Fake Instagram Accounts Hit Businesses, Execs
-Study Highlights Surge in Identity Theft and Phishing Attacks
-Increase in Cyber Liability Insurance Claims as Cyber Crime Skyrockets
-UK Government Urges Action to Enhance Supply Chain Security
-For Most Companies Ransomware Is the Scariest Of All Cyber Attacks
-EDR Is Not a Silver Bullet
-Attackers Use Automation to Speed from Exploit to Compromise
-Rising Premiums, More Restricted Cyber Insurance Coverage Poses Big Risk for Companies
-Why CISO Roles Require Business and Technology Savvy
-Wi-Fi Spy Drones Used to Snoop on Financial Firm
-Magniber Ransomware Attacking Individuals and Home Users
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Report: Most Organisations Unprepared for an Attack, Lack Incident Playbook, Research Finds
Some organisations have made significant improvements to their ransomware readiness profile in the last year, Axio said in a newly released report. However, a lack of fundamental cyber security practices and controls, inadequate vulnerability patching and employee training continues to leave ransomware defences lacking in potency.
Axio’s report reveals that only 30% of organisations have a ransomware-specific playbook for incident management in place. In 2021’s report Axio, maker of a cloud-based cyber management software platform, identified seven key areas emerged where organisations were deficient in implementing and sustaining basic cyber security practices.
The same patterns showed up in the 2022 report:
Managing privileged access.
Improving basic cyber hygiene.
Reducing exposure to supply chain and third-party risk.
Monitoring and defending networks.
Managing ransomware incidents.
Identifying and addressing vulnerabilities in a timely manner.
Improving cyber security training and awareness.
Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:
The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.
Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.
Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.
Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.
Critical vulnerability patching within 24 hours was reported by only 24% of organisations.
Active phishing training has improved but is still not practiced by 40% of organisations.
LinkedIn Scams, Fake Instagram Accounts Hit Businesses, Execs
Business owners with public social media accounts are easy targets for scammers who lift information to create fake accounts. The arduous process for removing fraudulent accounts leaves victims frustrated and vulnerable to further data privacy issues. Victims say platform providers, particularly Facebook and Instagram, must improve their responses to reports of fraud.
Impersonation of a brand or executive contributed to more than 40% of all phishing and social media incidents in the second quarter, according to the Agari and Phish Labs Quarterly Threat Trends and Intelligence Report released in August. Q2 marks the second quarter that impersonation attacks have represented the majority of threats, despite a 6.1% decrease from Q1.
Executive impersonation has been on the rise over the past four quarters — representing more than 15% of attacks, according to the report — as impersonating a corporate figure or company on social media is simple and effective for threat actors.
Thom Singer, CEO for the Austin Technology Council and a public speaker, was recently impersonated on Instagram. A scammer created a fake Instagram account with his name and photos, creating a handle with an extra "r" at the end of Singer. That account appeared to amass over 2,300 followers – nearly as many as Singer's own account – lending to its appearance of authenticity.
He learned of the fake account from a contact who texted to ask if he'd reached out on Instagram, which wasn't a channel Singer typically uses to communicate. Singer reported the fraudulent account using the platform's report button and asked his followers to do the same.
"You can't reach anyone at these platforms, so it takes days to get a fake account removed," Singer said. "These social media sites have no liability, nothing to lose when fraud is happening. They need to up their game and have a better process to get [fraud] handled in a timely manner."
Study Highlights Surge in Identity Theft and Phishing Attacks
A new study from behavioural risk firm CybSafe and the National Cybersecurity Alliance (NCA) has been launched and it highlights an alarming surge in phishing and identity theft attacks.
The report, titled ‘Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors report’, studied the opinions of 3,000 individuals across the US, the UK and Canada towards cyber security and revealed that nearly half (45%) of users are connected to the internet all the time, however, this has led to a surge in identity theft with almost 1 in 4 people being affected by the attack.
Furthermore, 1 in 3 (36%) respondents revealed they have lost money or data due to a phishing attack. Yet the study also revealed that 70% of respondents feel confident in their ability to identify a malicious email, but only 45% will confirm the authenticity of a suspicious email by reaching out to the apparent sender.
When it comes to implementing cyber security best practices, only 33% of respondents revealed they use a unique password for important online accounts, while only 16% utilise passwords of over 12 characters in length. Furthermore, only 18% of participants have downloaded a stand-alone password manager, while 43% of respondents have not even heard of multi-factor authentication.
Increase in Cyber Liability Insurance Claims as Cyber Crime Skyrockets
A cyber insurer, Acuity Insurance, is reporting an increased need for cyber liability insurance across both personal and business policyholders. From June 2021 to June 2022, the insurer saw cyber liability insurance claims on its commercial insurance policies increase by more than 50%. For personal policies, they saw more than a 90% increase in cyber claims being reported in 2021 compared with 2020.
Our lives, homes and businesses are more connected than ever before. Being connected leads to a greater risk of cyber attacks, which aren't covered under standard homeowners or business insurance policies.
The insurance experts caution that everyone is at risk — whether you are a small business owner or an individual — as cyber attacks continue to pose a serious financial threat. From 2019 to 2021, cyber attacks were up 50% from the previous year, according to recent research. Wire fraud and gift card scams are two of the most common types of cyber attacks impacting both businesses and individuals.
Scams involving social engineering are some of the easiest to fall for, as fraudsters exploit a person's trust to obtain money or personal information, which can then be used for unauthorised withdrawals of money. Cyber insurance can protect you from financial loss caused by wire transfer fraud, phishing attacks, cyber extortion, cyberbullying and more, Acuity reported.
While all cyber crimes have a financial impact, fraudulent wire transfers often come with greater losses. Banks are typically not responsible for funds lost as a result of a fraudulent wire transfer inadvertently authorised by the customer. Whether it's a wrongful money transfer by a business or an individual, cyber insurance can help mitigate some of the financial loss caused by these scams.
UK Government Urges Action to Enhance Supply Chain Security
The UK government has warned organisations to take steps to strengthen their supply chain security.
New National Cyber Security Centre (NCSC) guidance has been issued amid a significant increase in supply chain attacks in recent years, such as the SolarWinds incident in 2020. The NCSC cited official government data showing that just over one in 10 businesses review the risks posed by their immediate suppliers (13%), while the proportion covering the wider supply chain is just 7%.
Aimed at medium-to-large organisations, the document sets out practical steps to better assess cyber security across increasingly complex supply chains. This includes a description of typical supplier relationships and ways that organisations are exposed to vulnerabilities and cyber-attacks via the supply chain, and the expected outcomes and key steps needed to assess suppliers’ approaches to security.
The new guidance followed a government response to a call for views last year which highlighted the need for further advice. Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers. With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.
https://www.infosecurity-magazine.com/news/uk-government-supply-chain-security/
For Most Companies Ransomware Is the Scariest Of All Cyber Attacks
SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyber attacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.
“No one is safe from cyber attacks — businesses or individuals,” said SonicWall Executive Chairman of the Board Bill Conner. “Today’s business landscape requires persistent digital trust to exist. Supply-chain attacks have dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before.
“It’s likely we’ll see continued acceleration and evolution of ransomware tactics, as well as other advanced persistent threats (APTs), as cyber crime continues to scale the globe seeking both valuable and weak targets.”
Companies are not only losing millions of dollars to unending malware and ransomware strikes, but cyber attacks on essential infrastructure are impacting real-world services. Despite the growing concern of cyber attacks, organisations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data and employees against unwavering cyber attacks.
“The evolving cyber threat landscape has made us train our staff significantly more,” said Stafford Fields, IT Director, Cavett Turner & Wyble. “It’s made us spend more on cyber security. And what scares me is that an end-user can click on something and bring all our systems down — despite being well protected.”
https://www.helpnetsecurity.com/2022/10/12/customers-concerned-ransomware/
EDR Is Not a Silver Bullet
Old lore held that shooting a werewolf, vampire, or even just your average nasty villain with a silver bullet was a sure-fire takedown: one hit, no more bad guy.
As cyber security professionals, we understand – much like folks in the Old West knew – that there are no panaceas, no actual silver bullets. Yet humans gravitate towards simple solutions to complex challenges, and we are constantly (if unconsciously) seeking silver bullet technology.
Endpoint Detection and Response (EDR) tools have become Standard Operating Procedures for cyber security regimes. They are every CIO’s starting point, and there’s nothing wrong with this. In a recent study by Cymulate of over one million tests conducted by customers in 2021, the most popular testing vector was EDR.
Yet cyber security stakeholders should not assume that EDR is a silver bullet. The fact is that EDR’s efficacy and protective prowess as a standalone solution has been slowly diminished over the decade since the term was first coined by Gartner. Even as it became a mainstay of enterprise and SMB/SME security posture – attacks have skyrocketed in frequency, severity, and success. Today, EDR is facing some of its greatest challenges, including threats laser-targeting EDR systems like the highly-successful Grandoiero banking trojan.
While EDR should not be your only line of defence against advanced threats, including it in a defence solution array is paramount. It should be installed on all organisational servers – including Linux-based ones. Yet installation is not enough. Your organisation is at significant risk if the underlying OS and EDR are not both implemented and fine-tuned.
https://www.helpnetsecurity.com/2022/10/11/edr-is-not-a-silver-bullet/
Attackers Use Automation to Speed from Exploit to Compromise
A report from Laceworks examines the cloud security threat landscape over the past three months and unveils the new techniques and avenues cyber criminals are exploiting for profit at the expense of businesses. In this latest edition, the Lacework Labs team found a significantly more sophisticated attacker landscape, with an increase in attacks against core networking and virtualisation software, and an unprecedented increase in the speed of attacks following a compromise. Key trends and threats identified include:
Increased speed from exposure to compromise: Attackers are advancing to keep pace with cloud adoption and response time. Many classes of attacks are now fully automated to capitalise on timing. Additionally, one of the most common targets is credential leakage. In a specific example from the report, a leaked AWS access key was caught and flagged by AWS in record time. Despite the limited exposure, an unknown adversary was able to log in and launch tens of GPU EC2 instances, underscoring just how quickly attackers can take advantage of a single simple mistake.
Increased focus on infrastructure, specifically attacks against core networking and virtualisation software: Commonly deployed core networking and related infrastructure consistently remains a key target for adversaries. Core flaws in infrastructure often appear suddenly and are shared openly online, creating opportunities for attackers of all kinds to exploit these potential targets.
Continued Log4j reconnaissance and exploitation: Nearly a year after the initial exploit, the Lacework Labs team is still commonly observing vulnerable software targeted via OAST requests. Analysis of Project Discovery (interact.sh) activity revealed Cloudflare and DigitalOcean as the top originators.
Rising Premiums, More Restricted Cyber Insurance Coverage Poses Big Risk for Companies
Among the many consequences of the rising number of costly data breaches, ransomware, and other security attacks are pricier premiums for cyber security insurance. The rise in costs could put many organisations out of the running for this essential coverage, a risky proposition given the current threat landscape.
Cyber insurance is a type of specialty insurance that protects organisations against a variety of risks related to information security attacks such as ransomware and data breaches. Ordinarily, these types of risks aren’t included with traditional commercial general liability policies or are not specifically defined in these insurance plans.
Given the rise in attacks, the growing sophistication of these incidents and the potential financial impact, having cyber insurance coverage has become critical for many organisations. Premiums for these plans have been on the rise because of the increase in security-related losses and rising demand for coverage.
Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council of Insurance Agents & Brokers (CIAB), an association for commercial insurance and employee benefits intermediaries.
Among the primary drivers for the continued price increases were a reduced carrier appetite for the risk and high demand for coverage, CIAB said. The high demand for cyber coverage is in part fueled by greater awareness among companies of the threat cyber risk poses for businesses of all sizes, it said.
https://www.cnbc.com/2022/10/11/companies-are-finding-it-harder-to-get-cyber-insurance-.html
Why CISO Roles Require Business and Technology Savvy
Listening and communicating to both the technical and business sides is critical to successfully leading IT teams and business leaders to the same end-goal.
Of all the crazy postings that advertise for CISO jobs, the one asking for a CISO to code in Python was probably the most outrageous example of the disconnect about a CISO’s role, says Joe Head, CISO search director at UK-based search firm, Intaso. This was a few years ago, and one can only guess that the role had been created by a technologist who didn’t care about or didn’t understand the business — or, inversely by a businessperson who didn’t understand enough about technology.
In either case, the disconnect is real. However, Head and other experts say that when it comes to achieving the true, executive role and reporting to the CEO and board, business skills rule. That doesn’t mean, however, that most CISOs know nothing about technology, because most still start out with technology backgrounds.
In the 2022 CISO survey by executive placement firm, Heidrick & Struggles, most CISOs come from a functional IT background that reflects the issues of the time. For example, in 2022 10% of CISOs came from software engineering backgrounds, which tracks with the White House directive to protect the software supply chain. The report notes that the majority of CISOs have experience in the financial services industry, which has a low risk tolerance and where more money is spent on security.
The survey also indicates that only a small core of CISOs (working primarily for the Fortune 500) rise to the executive level with the combination of business and technical responsibilities that come with the role. In it, more than two-thirds of CISOs responding to the survey worked for companies worth over $5 billion. So, instead of bashing a CISO’s lack of IT skills, the real need lies in developing business skills for the technologists coming up the ranks.
Wi-Fi Spy Drones Used to Snoop on Financial Firm
Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place.
The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe, but now these sort of attacks are actually taking place. A security researcher recently recounted an incident that occurred over the summer at a US East Coast financial firm focused on private investment.
The hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.
This led the team to the roof, where two modified commercially available consumer drones series were discovered. One drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing. The second drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.
During their investigation, they determined that the first drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi, and this data was then hard coded into the tools that were deployed on the second drone.
https://www.theregister.com/2022/10/12/drone-roof-attack/
Magniber Ransomware Attacking Individuals and Home Users
A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates.
Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims. Magniber was previously primarily spread through MSI and EXE files, but in September 2022 HP Wolf Security began seeing campaigns distributing the ransomware in JavaScript files.
HP Wolf Security reported that some malware families rely exclusively on JavaScript, but have done so for some time. Currently, analysts are also seeing more HTML smuggling, such as with Qakbot and IcedID. This technique also makes use of JavaScript to decode malicious content. The only difference is that the HTML file is executed in the context of the browser and therefore usually requires further user interaction.
Remarkably, HP Wolf Security said, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.
It appears that with the UAC bypass, the malware deletes the infected system’s shadow copy files and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.
Having recently described the ransomware campaign in a recent interview, HP Wolf noted that the infection chain starts with a web download from an attacker-controlled website.
Threats
Ransomware and Extortion
More and more ransomware is just data theft, no encryption • The Register
Magniber ransomware now infects Windows users via JavaScript files (bleepingcomputer.com)
Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)
It was LockBit that forced NHS tech supplier to shut down • The Register
Ransomware posing as Windows antivirus update will just empty your wallet | TechRadar
Microsoft: New Prestige ransomware targets orgs in Ukraine, Poland (bleepingcomputer.com)
BlackByte ransomware uses new EDR evasion technique (techtarget.com)
Prevent Ransomware Attacks on Critical Infrastructure (trendmicro.com)
Microsoft Exchange servers hacked to deploy LockBit ransomware (bleepingcomputer.com)
Harvard Business Publishing licensee hit by ransomware - Security Affairs
LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware - Security Affairs
Police tricks DeadBolt ransomware out of 155 decryption keys (bleepingcomputer.com)
Phishing & Email Based Attacks
Caffeine service lets anyone launch Microsoft 365 phishing attacks (bleepingcomputer.com)
A whole load of phishing emails make it past Microsoft Defender, researchers say | TechRadar
Google Forms abused in new COVID-19 phishing wave in the U.S. (bleepingcomputer.com)
US election workers hit with phishing, malware emails • The Register
Cyber criminals are having it easy with phishing-as-a-service - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Malware
How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica
Banks face their 'darkest hour' as crimeware powers up • The Register
Emotet Rises Again With More Sophistication, Evasion (darkreading.com)
QAKBOT Attacks Spike Amid Concerning Cyber Criminal Collaborations (darkreading.com)
Hackers behind IcedID malware attacks diversify delivery tactics (bleepingcomputer.com)
Eternity threat group’s LilithBot: A criminal multitool • The Register
Here's another excellent reason not to browse adult websites at work | TechRadar
Experts analysed the evolution of the Emotet supply chain - Security Affairs
Mobile
Modified WhatsApp App Caught Infecting Android Devices with Malware (thehackernews.com)
Meta uncovers 400 malicious apps on Android and iOS apps | SC Media (scmagazine.com)
‘Zero-Click’ Spyware Emerges as a Menacing Mobile Threat - Bloomberg
Mullvad: Android may leak information when connected to a VPN - gHacks Tech News
Android Security Updates Patch Critical Vulnerabilities | SecurityWeek.Com
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (thehackernews.com)
Mystery iPhone update patches against iOS 16 mail crash-attack – Naked Security (sophos.com)
Internet of Things – IoT
Data Breaches/Leaks
Client data exfiltrated in Advanced NHS cyber attack (digitalhealth.net)
Mormon Church data stolen in 'state-sponsored' cyber attack • The Register
2K Customer Data Stolen, Sold Online After Support Desk Scam (kotaku.com)
Toyota discloses data leak after access key exposed on GitHub (bleepingcomputer.com)
Fast Company says Executive Board member info was not stolen in attack (bleepingcomputer.com)
State Bar of Georgia Confirms Data Breach Following Ransomware Attack | SecurityWeek.Com
Singtel's second unit faces cyber attack weeks after Optus data breach | Reuters
Zoetop pays $1.9m to settle customer data theft case • The Register
CommonSpirit Health IT still suffering after cyber attack • The Register
Over 80,000 DJI drone IDs exposed in data leak: Report (dronedj.com)
High-Value Targets: String of Aussie Telco Breaches Continues (darkreading.com)
Data of 380K patients compromised in hack of 13 anesthesia practices | SC Media (scmagazine.com)
Australian police secret agents exposed in Colombian data leak (bleepingcomputer.com)
Toyota Reveals Data Leak of 300,000 Customers - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
INTERPOL arrests ‘Black Axe’ cyber crime syndicate members (bleepingcomputer.com)
Caffeine Phishing-as-a-Service toolkit available in the underground - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's Crypto Hackers Are Paving the Road to Nuclear Armageddon - CNET
Fake Solana Phantom security updates push crypto-stealing malware (bleepingcomputer.com)
'Baby Al Capone' to pay $22m to SIM-swap crypto-heist victim • The Register
Fraud, Scams & Financial Crime
Alternative payment methods are creating new fraud risks - Help Net Security
Prison inmate charged with $11m fraud via cell phone • The Register
Mastercard moves to protect ‘risky and frisky’ transactions • The Register
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
Software Supply Chain
Denial of Service DoS/DDoS
US airports' sites taken down in DDoS attacks by pro-Russian hackers (bleepingcomputer.com)
Russian DDoS attack project pays contributors for more firepower (bleepingcomputer.com)
Cloud/SaaS
Encryption
Microsoft Office 365 uses insecure block ciphers • The Register
Microsoft Office 365 email encryption could expose message content (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Training, Education and Awareness
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Backup and Recovery
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Vladimir Putin’s hybrid war has begun and the West must be ready | Evening Standard
Internet outages hit Ukraine following Russian missile strikes (bitdefender.com)
Seven 'Creepy' Backdoors Used by Lebanese Cyberspy Group in Israel Attacks | SecurityWeek.Com
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers (thehackernews.com)
We must tackle Europe’s winter cyber threats head-on – POLITICO
Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky (thehackernews.com)
‘Zero-Click’ Spyware Emerges as a Menacing Mobile Threat - Bloomberg
SpaceX’s Starlink terminals in Ukraine back online after outages | Financial Times
Nation State Actors
Nation State Actors – Russia
German Cyber security Chief Accused of Russian Contact Faces Sacking - IT Security Guru
Russian DDoS attack project pays contributors for more firepower (bleepingcomputer.com)
Extreme Networks admits sales to banned Russian arms maker • The Register
Nation State Actors – China
UK Spy Chief to Warn of 'Huge' China Tech Threat | SecurityWeek.Com
China’s attack motivations, tactics, and how CISOs can mitigate threats | CSO Online
China will manipulate new tech for global influence, warns GCHQ boss | Metro News
UK telcos legally required to remove Huawei equipment • The Register
Chinese-linked hackers targeted U.S. state legislature, researchers say - CyberScoop
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems (thehackernews.com)
UK to designate China a ‘threat’ in hawkish foreign policy shift | Foreign policy | The Guardian
WIP19, a new Chinese APT targets IT Service Providers and Telcos - Security Affairs
China-linked Budworm APT returns to target a US entity - Security Affairs
We must tackle China’s satellite-busting technology, says GCHQ chief | News | The Times
GCHQ boss: China could use Digital Yuan to swerve sanctions • The Register
Young people using TikTok is no problem, GCHQ chief says | TikTok | The Guardian
Nation State Actors – North Korea
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows (darkreading.com)
Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws (bleepingcomputer.com)
Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched (darkreading.com)
Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684) - Help Net Security
Chrome 106 Update Patches Several High-Severity Vulnerabilities | SecurityWeek.Com
Researchers Detail Windows Zero-Day Vulnerability Patched Last Month (thehackernews.com)
Almost 900 servers hacked using Zimbra zero-day flaw (bleepingcomputer.com)
Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce | SecurityWeek.Com
Aruba fixes critical RCE and auth bypass flaws in EdgeConnect (bleepingcomputer.com)
WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites (searchenginejournal.com)
Critical Open Source vm2 Sandbox Escape Bug Affects Millions (darkreading.com)
VMware vCenter Server bug disclosed last year still not patched (bleepingcomputer.com)
Other News
Board members should make CISOs their strategic partners - Help Net Security
5 Attack Elements Every Organisations Should Be Monitoring (darkreading.com)
Ukraine’s Starlink problems show the dangers of digital dependency | Financial Times (ft.com)
Here's 5 of the world's riskiest connected devices - Help Net Security
Older, Stored Data Is Cyber Security Risk, Report Warns - MSSP Alert
What the Uber Breach Verdict Means for CISOs in the US (darkreading.com)
Increasing network visibility is critical to improving security posture - Help Net Security
What the Uber Hack can teach us about navigating IT Security (bleepingcomputer.com)
Consumers want more transparency on how companies manage their data - Help Net Security
Gaming Is Booming. That’s Catnip for Cyber criminals. - The New York Times (nytimes.com)
Fear of cyber criminals drives cyber security improvements - Help Net Security
The next Ford Mustang won’t be easy to tune; blame cyber security | Ars Technica
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.