Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 June 2022
Black Arrow Cyber Threat Briefing 03 June 2022
-Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage
-Ransomware Attacks Still The #1 Threat to Businesses and Organisations
-Third of UK Firms Have Experienced a Security Breach Since 2020
-There Is No Good Digital Transformation Without Cyber Security
-Ransomware Gang Now Hacks Corporate Websites to Show Ransom Notes
-Attackers Are Leveraging Follina, a Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
-Ransomware Attacks Need Less Than Four Days to Encrypt Systems
-57% Of All Digital Crimes In 2021 Were Scams
-Intelligence Is Key to Strategic Business Decisions
-How Cyber Criminals Are Targeting Executives at Home and Their Families
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Turbulent Cyber Insurance Market Sees Rising Prices And Sinking Coverage
As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.
Chaos reigns in the cyber insurance market. Brokers and cyber insurance carriers — the companies that actually offer the policies — are tightening requirements on what applicants need to do to obtain policies due to losses the insurers have suffered from ransomware coverage. During the past year, premiums grew 18% in the first quarter of 2021 and were up 34% in the fourth quarter of 2021, according to Jess Burn, senior analyst at Forrester.
Organisations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Despite the value many organisations put on cyber insurance — in some cases, they're required to carry it to comply with regulations — obtaining such policies is getting more difficult.
While raising premiums, some insurers are reducing coverage. If an organisation bought $10 million worth of coverage for a given price in 2021, for example, renewing that policy in 2022 might see the coverage amount fall to $3 million and the premiums for that lower coverage rise. This phenomenon is due, in part, to insurers trying to strike the right balance of customers' risk profile versus their risk-mitigation efforts.
Ransomware Attacks Still The #1 Threat To Businesses And Organisations
In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organisations worldwide.
High-profile attacks disrupted operations of companies in various sectors.
For example, the Colonial Pipeline attack interrupted critical infrastructure, the JBS Foods attack influenced food processing, and the CNA breach disrupted the insurance industry.
Following the attacks, pressure of law enforcement on ransomware gangs intensified, though simultaneously these threat actors continued to evolve.
They are not only becoming more technologically sophisticated but are also extensively leveraging the growing cyber crime ecosystem looking to find new partners, services and tools for their operations.
https://www.helpnetsecurity.com/2022/05/30/ransomware-trends-video/
Third Of UK Firms Have Experienced A Security Breach Since 2020
Cyber threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.
The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.
It’s also much higher than the 2022 global average of 46%, PwC said.
Cyber crime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.
Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.
https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/
There Is No Good Digital Transformation Without Cyber Security
Network engineers and CIOs agree that cyber security issues represent the biggest risk for organisations that fail to put networks at the heart of digital transformation plans. According to research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the US, UK, France, Germany, and Australia rank cyber security among the list of their biggest risks.
The concerns are fuelled by an escalating number of cyber attacks. In fact, 61% of CIOs report an increase in cyber security attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.
Digital transformation is a priority, but cyber security risk remains. CIOs also understand the importance of the issues. 51% of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey.
What’s more, 41% of CIOs rank cyber security among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cyber security ranks higher than any other factor.
https://www.helpnetsecurity.com/2022/05/31/digital-transformation-cybersecurity-risk/
Ransomware Gang Now Hacks Corporate Websites To Show Ransom Notes
A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.
This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.
When ransomware gangs extort a victim, they typically give them a short window, usually a few weeks, to negotiate and pay a ransom before they start leaking data.
During this negotiation process, the threat actors promise to keep the attack secret, provide a decryption key, and delete all data if a ransom is paid.
After this period, the threat actors will use various methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.
These tactics are all done privately or with minimal exposure on their data leak sites, which are usually only visited by cyber security researchers and the media.
However, this is the first time we have seen a ransomware gang defacing a website to very publicly display a ransom note.
Attackers Are Leveraging Follina, A Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.
Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.
https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/
Ransomware Attacks Need Less Than Four Days To Encrypt Systems
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.
This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.
At the same time, improvements in incident response and threat detection have forced threat actors to move quicker, to leave defenders with a smaller reaction margin.
The data was collected by researchers at IBM's X-Force team from incidents analysed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.
Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.
In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.
Malware that breaches corporate networks is quickly leveraged to enable post-exploitation stages of the attack, sometimes completing its objectives in mere minutes.
57% Of All Digital Crimes In 2021Were Scams
Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cyber crime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.
The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100.
Traffic has become the circulatory system of scam projects: researchers emphasise that the number of websites used for purchasing and providing “grey” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.
https://www.helpnetsecurity.com/2022/05/31/scams-widespread-cyber-threat/
Intelligence Is Key To Strategic Business Decisions
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making. Currently just 18% of professionals responsible for security, risk, or compliance in their organisation feel that the intelligence they receive is “very specific and focused on their business”, a S-RM research reveals.
6 in 10 respondents also say the intelligence they receive takes too much time to analyse, meaning it does not always result in better informed decision making. This was the top reason behind dissatisfaction with external intelligence, identified by over 200 professionals working at companies with revenues of over $250 million.
The second most likely reason was that information was not tailored to business needs (47%), followed by too much information (35%).
Growing demand for the use of strategic intelligence has been prompted by increasing cyber (51%) and regulatory concerns (50%). And while these two factors have been climbing the boardroom agenda for years, geopolitical uncertainty has made the need to respond to these developments more acute. In particular, the Russia-Ukraine conflict has created a complex sanctions regime for businesses to operate.
Additionally, navigating the complexities of the COVID-19 pandemic has been a key challenge for businesses in the past three years, with 40% citing this as a catalyst in driving a growing need for strategic intelligence.
https://www.helpnetsecurity.com/2022/06/03/intelligence-decision-making/
How Cyber Criminals Are Targeting Executives At Home And Their Families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data.
https://www.helpnetsecurity.com/2022/06/01/cybercriminals-targeting-executives-video/
Threats
Ransomware
Cyber criminals Expand Attack Radius and Ransomware Pain Points | Threatpost
FBI, CISA warn: Don't get caught in Karakurt's web • The Register
Conti ransomware targeted Intel firmware for stealthy attacks (bleepingcomputer.com)
YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links (darkreading.com)
Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (thehackernews.com)
Evil Corp switches to LockBit ransomware to evade sanctions (bleepingcomputer.com)
Ransomware attack sends New Jersey county back to 1977 • The Register
Ransomware roundup: System-locking malware dominates headlines | CSO Online
What if ransomware evolved to hit IoT in the enterprise? • The Register
How Costa Rica found itself at war over ransomware | CSO Online
Experts warn of ransomware attacks on government orgs of small states - Security Affairs
Foxconn confirms ransomware attack disrupted production in Mexico (bleepingcomputer.com)
Why Ransomware Timeline Shrinks By 94%? – Information Security Buzz
Hundreds of Elasticsearch databases targeted in ransom attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Phishing & Email Based Attacks
Watch out for phishing emails that inject spyware trio • The Register
Telegram’s blogging platform abused in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Vishing attacks: What they are and how organisations can protect themselves - Help Net Security
Beware the Smish! Home delivery scams with a professional feel… – Naked Security (sophos.com)
Malware
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (thehackernews.com)
LuoYu APT delivers WinDealer malware via man-on-the-side attacks - Security Affairs
EnemyBot malware adds enterprise flaws to exploit arsenal • The Register
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (thehackernews.com)
Logic bombs explained: Definition, examples, and prevention | CSO Online
Mobile
Top 10 Android banking trojans target apps with 1 billion downloads (bleepingcomputer.com)
WhatsApp accounts hijacked by call forwarding | Malwarebytes Labs
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (thehackernews.com)
SMSFactory Android malware sneakily subscribes to premium services (bleepingcomputer.com)
Phishers Having a Field Day on WhatsApp, Telegraph (darkreading.com)
Apple blocked 1.6 millions apps from defrauding users in 2021 (bleepingcomputer.com)
Organised Crime & Criminal Actors
FBI warns of Ukrainian charities impersonated to steal donations (bleepingcomputer.com)
Euro Cops Bust $47m Money Laundering Operation - Infosecurity Magazine (infosecurity-magazine.com)
Three Nigerian Users of Agent Tesla RAT Arrested | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Americans report losing over $1 billion to cryptocurrency scams (bleepingcomputer.com)
Clipminer malware gang stole $1.7M by hijacking crypto payments (bleepingcomputer.com)
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (bleepingcomputer.com)
WatchDog hacking group launches new Docker cryptojacking campaign (bleepingcomputer.com)
Fraud, Scams & Financial Crime
$39.5 billion lost to phone scams in last year - Help Net Security
Britain's biggest bank issues 'urgent warning' over new scam (telegraph.co.uk)
Scams account for most of all financially motivated cyber crime - Help Net Security
AML/CFT/Sanctions
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Open Source
Linux malware is on the rise—6 types of attacks to look for | CSO Online
The Open Source Software Security Mobilization Plan: Takeaways for security leaders | CSO Online
Privacy
Vodafone plans carrier-level user tracking for targeted ads (bleepingcomputer.com)
Europe's hope to scan devices for unlawful files criticized • The Register
Passwords & Credential Stuffing
Regulations, Fines and Legislation
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NSA general confirms US offensive cyber ops in Ukraine war • The Register
Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War | SecurityWeek.Com
Anonymous: Operation Russia after 100 days of war - Security Affairs
Chinese LuoYu hackers deploy cyber-espionage malware via app updates (bleepingcomputer.com)
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
China-linked TA413 group actively exploits Microsoft Follina Zero-Day flawSecurity Affairs
Chinese state media propaganda found in 88% of Google, Bing news searches - CyberScoop
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (thehackernews.com)
How Beijing’s surveillance cameras crept into Britain’s corridors of power (telegraph.co.uk)
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
CISA adds 75 vulnerabilities to catalogue in 3 days- IT Security Guru
Fighting Follina: Application Vulnerabilities and Detection Possibilities (darkreading.com)
Yet another zero-day (sort of) in Windows “search URL” handling – Naked Security (sophos.com)
Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover (darkreading.com)
Microsoft Azure vulnerabilities pose new cloud security risk - Protocol
GitLab Issues Security Patch for Critical Account Takeover Vulnerability (thehackernews.com)
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (thehackernews.com)
Sector Specific
Financial Services Sector
Government
Health/Medical/Pharma Sector
Twice as Many Healthcare Organisations Now Pay Ransom - Infosecurity Magazine
Novartis says no sensitive data was compromised in cyber attack (bleepingcomputer.com)
Costa Rica’s public health agency hit by Hive ransomware (bleepingcomputer.com)
Transport and Aviation
CNI, OT, ICS, IIoT and SCADA
Food and Agriculture
Web3
Other News
How Failing to Prioritize Cyber Security can Hurt Your Company (analyticsinsight.net)
Bad news: The cyber security skills crisis is about to get even worse | ZDNet
Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks - Infosecurity Magazine
CIOs and network engineers rank cyber security among the biggest risks - Help Net Security
How USB Drives Can Be a Danger to Your Computer (howtogeek.com)
Australian digital driver's licenses hackable in minutes • The Register
Over 3.6 million MySQL servers found exposed on the Internet (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 December 2020
Black Arrow Cyber Threat Briefing 11 December 2020: Cyber crime costs the world more than $1 trillion, 50% increase from 2018; One of the world's largest security firms breached; Chinese Breakthrough in Quantum Computing a Warning for Security Teams; Ransom payouts hit record-highs, surging 178% in a year; Ransomware Set to Continue to Evolve
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Cyber crime costs the world more than $1 trillion, a 50% increase from 2018
Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.
https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/
FireEye, one of the world's largest security firms, discloses security breach
FireEye, one of the world largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.
The firm said the threat actor also searched for information related to some of the company's government customers.
The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."
Chinese Breakthrough in Quantum Computing a Warning for Security Teams
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.
https://threatpost.com/chinese-quantum-computing-warning-security/161935/
Ransom payouts hit record-highs, surging 178% in a year
Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.
Ransomware Set for Evolution in Attack Capabilities in 2021
Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines”
https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/
How Organisations Can Prevent Users from Using Breached Passwords
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?
https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html
Threats
Ransomware
Hackers demand $34.7 million in Bitcoin after ransomware attack on Foxconn
Ransomware forces hosting provider Netgain to take down data centers
Ransomware-struck schools reject £1m demand from crims in timely reminder to always mind the air-gap
Phishing
IOT
Malware
Qbot malware switched to stealthy new Windows autostart method
Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox
Social media sharing icons could harbor info-stealing malware
All-new Windows 10 malware is excellent at evading detection
Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
Vulnerabilities
Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution
Amnesia:33 vulnerabilities impact millions of smart and industrial devices
Expert discloses zero-click, wormable flaw in Microsoft Teams
Data Breaches
FireEye, one of the world's largest security firms, discloses security breach
Hackers leak data from Embraer, world's third-largest airplane maker
Threat Actors
Insider Threats
Other News
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.