Executive summary

After a multi-year collaborative effort across industry, academia, and governments around the world, The US National Institute of Standards and Technology have released version 2.0 of their globally recognised and internationally respected cyber security framework (CSF). The new framework builds on it’s long standing principles, adding to governance to the original 5 functions (identify, protect, detect, respond and recover). The framework also directly addresses supply chain risk.

What can I do?

Businesses now have access to an updated framework which reflects, addresses and helps to mitigates the cyber threats we are seeing today. The framework offers a taxonomy of high-level cyber security outcomes that can be used by any organisation, regardless of size, sector or maturity, to better understand, assess, prioritise and communicate its cyber security efforts.

The official NIST release can be found below:

https://www.nist.gov/cyberframework

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape

The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.

The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.

Sources: [ITPro] [The Debrief]

Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge

The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.

However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.

Sources: [ITPro] [Law Society] [Security Brief] [Financial Times]  [Infosecurity Magazine]

Researcher Uncovers One of The Biggest Password Dumps in Recent History

Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.

Source: [Ars Technica]

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.

Source: [Infosecurity Magazine]

75% of Organisations Hit by Ransomware in 2023

A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.

Source: [Infosecurity Magazine]

The Dangers of Quadruple Blow Ransomware Attacks

With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.

This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.

Source: [TechRadar]

Human Error and Insiders Expose Millions in UK Law Firm Data Breaches

UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.

Source: [Infosecurity Magazine]

It’s a New Year and a Good Time for a Cyber Security Checkup

2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.

Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.

Source: [JDSupra]

Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster

Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.

In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.

Source: [The Hacker News]

Cyber Threats Top Global Business Risk Concern for 2024

Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.

Source: [Insurance Journal]

Generative AI has CEOs Worried About Cyber Security, PwC Survey Says

A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company.  When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.

Source: [Quartz]

With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too

As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.

Source: [Dark Reading]

Digital Resilience: a Step Up from Cyber Security

In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [CSO Online] [Financial Times]

Governance, Risk and Compliance

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• JPMorgan suffers 45bn cyber attacks a day (ft.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• How to Recover After Failing a Cyber Security Audit - Security Boulevard

• Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

• Security considerations during layoffs: Advice from an MSSP - Help Net Security

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• How to improve cyber resilience across your workforce (ft.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• UK finance firms faced a torrent of ransomware attacks in 2023 as threat actors ramped up activities | ITPro

• Veeam Data Protection Trends Report 2024 Finds Cyber Attacks the #1 Cause of Business Outages | Business Wire

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)

• The Top 10 Ransomware Groups of 2023 - Security Boulevard

• 3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)

• Ransomware causes mental, physical trauma to security pros • The Register

• The dangers of quadruple blow ransomware attacks | TechRadar

• Ransomware: how financial institutions can prepare to react quickly through regulatory compliance (finextra.com)

• Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security

• Outsmarting Ransomware’s New Playbook - SecurityWeek

• TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)

• Ransomware negotiation: When cyber security meets crisis management - Help Net Security

Ransomware Victims

• Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• British Library to share learning from cyber attack - Museums Association

• British Library starts restoring services online after hack - BBC News

• British cosmetics firm Lush confirms cyber attack (therecord.media)

• Delay to Manx Care dental services after cyber attack - BBC News

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)

• A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar

• Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard

Artificial Intelligence

• AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)

• Adversaries exploit trends, target popular GenAI apps - Help Net Security

• The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)

• The power of AI in cyber security - Help Net Security

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• AI Could Make Cyber Threats Harder to Detect (newswise.com)

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

2FA/MFA

• Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

Malware

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)

• Data-theft malware exploits Windows Defender SmartScreen • The Register

• Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk | TechRadar

• MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)

• Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar

• JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard

• $80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Mobile

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic | Tom's Hardware (tomshardware.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Modernising print security for today’s working world | TechRadar

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Data Breaches/Leaks

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Insufficient cyber security caused PSNI data breach  (iapp.org)

• Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

Organised Crime & Criminal Actors

• Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard

• Illegal online casinos spread crypto-crime across Asia • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Illegal online casinos spread crypto-crime across Asia • The Register

Insider Risk and Insider Threats

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing insider access from leaking to malicious actors - Help Net Security

Insurance

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)

• Fighting ransomware: A guide to getting the right cyber security insurance | SC Media (scmagazine.com)

Supply Chain and Third Parties

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

Cloud/SaaS

• Insurance website's buggy API leaked Office 365 password • The Register

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• 3 ways to combat rising OAuth SaaS attacks - Help Net Security

• FBI: Beware of cloud-credential thieves building botnets • The Register

• Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)

Identity and Access Management

• Digital nomads amplify identity fraud risks - Help Net Security

Encryption

• New Report Charts Roadmap To A Quantum-Secure Financial System – Eurasia Review

Passwords, Credential Stuffing & Brute Force Attacks

• Researcher uncovers one of the biggest password dumps in recent history | Ars Technica

• GitHub scrambles to rotate keys after credentials in production containers were potentially exposed | ITPro

• Insurance website's buggy API leaked Office 365 password • The Register

• FBI: Beware of cloud-credential thieves building botnets • The Register

Social Media

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Latest Adblock update causes massive YouTube performance hit (bleepingcomputer.com)

Training, Education and Awareness

• The right strategy for effective cyber security awareness - Help Net Security

• Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard

• How to improve cyber resilience across your workforce (ft.com)

Regulations, Fines and Legislation

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• IT consultant in Germany fined for exposing shoddy security • The Register

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

• Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard

• Home improvement marketers dial up trouble from regulator • The Register

Models, Frameworks and Standards

• 10 cyber security frameworks you need to know about - Help Net Security

• NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST

Backup and Recovery

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

Data Protection

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

Careers, Working in Cyber and Information Security

• Ransomware causes mental, physical trauma to security pros • The Register

• Protecting the protectors: combating stress in the cyber security industry | The Independent

• Best practices to mitigate alert fatigue - Help Net Security

• Universities not delivering the right skills for cyber security (betanews.com)

Law Enforcement Action and Take Downs

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

Misinformation, Disinformation and Propaganda

• Staying cyber secure in the age of misdirection | The Independent

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Election Security 2024: Biggest Cyber Threats and Practical Solutions - Infosecurity Magazine (infosecurity-magazine.com)

• OODA Loop - Elections Are Coming: Time to Sound Misinformation’s Clarion Call… Again

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• Cyberwar continues to underperform (reason.com)

Nation State Actors

China

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)

• China warns of AirDrop de-anonymisation flaw • The Register

Russia

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)

• Russia finds way around sanctions on battlefield tech: report – POLITICO

• Moscow imports a third of battlefield tech from western companies (ft.com)

• Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

Iran

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Threat-hunter says Iran is stepping up the sophistication of its cyber attacks (therecord.media)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why we must bring order to cyber vulnerability chaos | TechRadar

Vulnerabilities

• CISA: Critical SharePoint vuln is under active exploitation • The Register

• Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)

• Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability  - SecurityWeek

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)

• Two more Citrix NetScaler bugs exploited in the wild • The Register

• Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)

• Millions of GPUs from Apple, AMD and Qualcomm have a serious security flaw — and it could put literally all your data at risk if it isn't fixed | TechRadar

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Apple Magic Keyboards are at risk from security attacks – update now to protect your Mac or iPad | TechRadar

• Windows 10 security update requires some major changes - experts only need apply | TechRadar

• GitLab Patches Critical Password Reset Vulnerability - SecurityWeek

• Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek

• Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)

• New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica

• China warns of AirDrop de-anonymisation flaw • The Register

• Drupal Releases Security Advisory for Drupal Core | CISA

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)

Tools and Controls

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Key elements for a successful cyber risk management strategy - Help Net Security

• Preventing insider access from leaking to malicious actors - Help Net Security

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• Best practices to mitigate alert fatigue - Help Net Security

• Modernising print security for today’s working world | TechRadar

• APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 | Business Wire

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Digital nomads amplify identity fraud risks - Help Net Security

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• The right strategy for effective cyber security awareness - Help Net Security

• SOC-as-a-Service: The Five Must-Have Features - Security Boulevard

Other News

• Post Office scandal latest: MPs 'shocked' by evidence from Fujitsu and Post Office boss - as victims Alan Bates and Jo Hamilton say they were 'gaslit' | UK News | Sky News

• Post Office syndrome: why we’re more vulnerable than ever to Horizon-like computer systems | The Independent

• What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)

• How news organisations became a prime target for cyber attacks (pressgazette.co.uk)

• UK doubles spending on overseas cyber security projects (ft.com)

• Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)

• NCSC Builds New “Cyber League” Threat Tracking Community - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.

When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.

Sources: [Lexology] [Security Brief]

Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.

Sources: [Data Breaches] [UK mortgage news] [The Hacker News]

Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.

Source: [TechRadar]

Cyber Insecurity and Misinformation Top WEF Global Risk List

In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.

Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.

Source: [Infosecurity Magazine]

Why Effective Cyber Security and Risk Management are Crucial for Business Growth

Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.

Source: [World Economic Forum]

The Cost of Dealing with a Cyber Attack Doubled Last Year

New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.

Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.

Source: [TechRadar]

Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.

The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.

Source: [Security Week] [Dark Reading]

Mandiant, SEC Lose Control of X Accounts Without 2FA

While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.

In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.

Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.

Source: [Dark Reading]

If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling.  Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.

Source: [Help Net Security]

82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.

Sources: [Infosecurity Magazine] [SecurityWeek]

Cyber Security is the Number One Priority for the Financial Sector Again

In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.

Sources: [The Fintech Times] [Islamic Finance News]

Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.

Source: [Security Boulevard]

Governance, Risk and Compliance

• Businesses can't survive without their IT systems - and they're under attack more than ever | TechRadar

• If you prepare, a data security incident will not cause an existential crisis - Help Net Security

• 82% of Companies Struggle to Manage Security Exposure - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Insecurity and Misinformation Top WEF Global Risk List - Infosecurity Magazine (infosecurity-magazine.com)

• IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)

• Cyber incidents hit 15% of global firms (tribune.com.pk)

• The cost of dealing with a cyber attack doubled last year | TechRadar

• Board Priorities 2024: Cyber preparedness & resilience - Lexology

• Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)

• What the Board Needs to Know About Exponential Disruption, Cyber Security, Risk Management and Strategy - OODA Loop

• Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)

• XM Cyber's 2024 Survey on the State of Security Posture Reveals Remediation Efforts Falling Behind Surging Exposures (prnewswire.com)

• How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard

• The expanding scope of CISO duties in 2024 - Help Net Security

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• 2023 was a big year for cyber crime – here’s how we can make our systems safer | World Economic Forum (weforum.org)

• The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack

• Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)

• The power of basics in 2024's cyber security strategies - Help Net Security

• Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)

• DSIT launches UK Cyber Governance Project | UKAuthority

Threats

Ransomware, Extortion and Destructive Attacks

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

• British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)

• Richard Osman among authors missing royalties amid ongoing cyber attack on British Library | British Library | The Guardian

• There is a Ransomware Armageddon Coming for Us All (thehackernews.com)

• UK CISO’s are cowing to ransomware demands more than you think, here’s why they shouldn’t pay up (databreaches.net)

• Ransomware incidents reported to UK financial regulator doubled in 2023 - The Intermediary - Latest UK mortgage news

• Ransomware victims targeted in follow-on extortion attacks • The Register

• Swatting: The new normal in ransomware extortion tactics • The Register

• Another top US mortgage firm hit by major cyber attack | TechRadar

• Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Babuk ransomware decryptor updated with Tortilla support • The Register

• "Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security

• Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)

• Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)

• Diving deep into Phobos ransomware. (thecyberwire.com)

• Ransomware payment ban: Wrong idea at the wrong time • The Register

Ransomware Victims

• In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard

• 'Totally and utterly bereft' — the devastating repercussions of the British Library cyber attack (yahoo.com)

• Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin

• Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)

• Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)

• LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)

• Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

• HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week

• Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im

• Ransomware wrecks Paraguay’s largest telco (databreaches.net)

Phishing & Email Based Attacks

• Uncovering the hidden dangers of email-based attacks - Help Net Security

• Inside a $20 Million Coinbase Phishing Ring (404media.co)

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Female cyber pros group targeted in phishing scam | IT Business

Artificial Intelligence

• Hackers are deliberately "poisoning" AI systems to make them malfunction, and there's no way to defend against it | ITPro

• Adapting Security to Protect AI/ML Systems (darkreading.com)

• AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says - Security Week

• NIST identifies AI cyber security vulnerabilities (iapp.org)

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week

• Why Cyber Security Is Foundational To AI Safety (forbes.com)

• FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)

• The growing challenge of cyber risk in the age of synthetic media - Help Net Security

• Securing AI systems against evasion, poisoning, and abuse - Help Net Security

• Staying One Step Ahead of Hackers When It Comes to AI | WIRED

• New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW

• AI discovers that not every fingerprint is unique (techxplore.com)

• VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)

2FA/MFA

• Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

Malware

• Malware Takedowns Show Progress, But Fight Against Cyber Crime Not Over - Infosecurity Magazine (infosecurity-magazine.com)

• This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe | Tom's Guide (tomsguide.com)

• A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar

• Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)

• North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)

• SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)

• Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)

• Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Linux devices are under attack by a never-before-seen worm | Ars Technica

• Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)

• ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)

• Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)

• Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)

Mobile

• CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)

• Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week

Internet of Things – IoT

• Russia Hacked Residential Cameras in Ukraine to Spy on Air Defence, Critical Infrastructure - Security Week

• Coming Soon to a Network Near You: More Shadow IoT - Security Week

• The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard

• Surveyed drivers prefer low-tech cars over data-sharing ones • The Register

• VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)

Data Breaches/Leaks

• Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications (securityaffairs.com)

• 2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)

• Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch

• Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)

Organised Crime & Criminal Actors

• Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard

• 19 xDedic Cyber Crime Market Users and Admins Face Prison - Infosecurity Magazine (infosecurity-magazine.com)

• 2023 was a big year for cyber crime – here’s how we can make our systems safer | World Economic Forum (weforum.org)

• Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)

• Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)

• Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Inside a $20 Million Coinbase Phishing Ring (404media.co)

• What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine

• UK politician criticizes X (formerly Twitter) after account hijacked by crypto scam (therecord.media)

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 (thehackernews.com)

• Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)

• Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)

• Cryptocurrency community lost over $100 million last week (coinpaper.com)

• ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)

• Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED

• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (thehackernews.com)

Insider Risk and Insider Threats

• Bribed US Navy sailor sold secrets to China for just $14k • The Register

Insurance

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• 2024 Cyber Insurance Requirements Predictions (trendmicro.com)

Supply Chain and Third Parties

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  - Security Week

Cloud/SaaS

• SaaS cyber crime levels are expected to rise this year - Digital Journal

• Widening Disparities and Growing Threats Cloud Global Cyber security Outlook for 2024 > Press releases | World Economic Forum (weforum.org)

• Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week

• Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)

Identity and Access Management

• Authentication is more complicated than ever. 4 ways to improve cyber defences for our new reality | ZDNET

Linux and Open Source

• Linux devices are under attack by a never-before-seen worm | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

• What is credential stuffing and how do you keep your accounts safe from it (engadget.com)

Social Media

• SEC's Twitter account hacked to say Bitcoin ETFs approved. Politicians and lawyers demand investigation into security breach (bitdefender.com)

• Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)

• Sexual assault in the metaverse investigated by British police • Graham Cluley

• Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)

• UK politician criticizes X (formerly Twitter) after account hijacked by crypto scam (therecord.media)

• Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)

• Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)

• Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)

Malvertising

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)

• Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)

Regulations, Fines and Legislation

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

• US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online

• SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra

• What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)

• SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)

• SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)

• Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)

• Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard

• Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)

• Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke

Models, Frameworks and Standards

• NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats - Infosecurity Magazine (infosecurity-magazine.com)

• NIST identifies AI cyber security vulnerabilities (iapp.org)

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week

Data Protection

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

Careers, Working in Cyber and Information Security

• 68% of organizations face risks due to cyber security skills shortage | Security Magazine

Law Enforcement Action and Take Downs

• Malware Takedowns Show Progress, But Fight Against Cyber Crime Not Over - Infosecurity Magazine (infosecurity-magazine.com)

• 19 xDedic Cyber Crime Market Users and Admins Face Prison - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)

• Watchdog finds ‘sufficient’ cyber threat sharing at agencies, but barriers remain - Government Executive (govexec.com)

• Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Cyber Insecurity and Misinformation Top WEF Global Risk List - Infosecurity Magazine (infosecurity-magazine.com)

• AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says - Security Week

• Only 4% of US States Fully Prepared for Cyber Attacks Targeting Electi - Infosecurity Magazine (infosecurity-magazine.com)

• New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

Nation State Actors

China

• AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop

• Bribed US Navy sailor sold secrets to China for just $14k • The Register

• China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME

• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week

• China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week

Russia

• Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• Russia Hacked Residential Cameras in Ukraine to Spy on Air Defence, Critical Infrastructure - Security Week

• Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)

• Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)

• Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register

• Media: Ukrainian hackers hit Russian internet provider, claim they are preparing 'revenge for Kyivstar' (kyivindependent.com)

• Ukraine is on the front lines of global cyber security - Atlantic Council

Iran

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)

• Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)

• Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)

• Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report - Security Week

• Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)

North Korea

• North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)

• North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 (thehackernews.com)

• South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)

• Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week

• Turkish Cyber Spies Targeting Netherlands - Security Week

• Young Britons exposed to online radicalisation following Hamas attack - BBC News

• Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)

• Media: Ukrainian hackers hit Russian internet provider, claim they are preparing 'revenge for Kyivstar' (kyivindependent.com)

• Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)

• CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)

Vulnerability Management

• 82% of Companies Struggle to Manage Security Exposure - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week

• Researchers develop technique to prevent software bugs - Help Net Security

• Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard

Vulnerabilities

• Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)

• Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)

• Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)

• Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)

• Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week

• This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe | Tom's Guide (tomsguide.com)

• KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)

• QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week

• CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA

• Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)

• Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA

• Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)

• Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week

• SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week

• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week

• CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)

• CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week

• Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)

• SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security

• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (thehackernews.com)

Tools and Controls

• Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)

• Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week

• Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)

• APIs are increasingly becoming attractive targets - Help Net Security

• Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center

• Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard

• Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)

• 4 ways data and AI tip the cyber security scales towards the defenders | World Economic Forum (weforum.org)

• How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard

• Authentication is more complicated than ever. 4 ways to improve cyber defences for our new reality | ZDNET

• Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security

• Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)

• Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)

• 2024 Cyber Insurance Requirements Predictions (trendmicro.com)

• Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)

Other News

• SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)

• SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)

• Cyber Security is the Number One Priority for the Financial Sector Again, Says Softcat | The Fintech Times

• Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)

• A cyber attack hit the Beirut International Airport (securityaffairs.com)

• Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post

• Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center

• Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)

• Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)

• XM Cyber's 2024 Survey on the State of Security Posture Reveals Remediation Efforts Falling Behind Surging Exposures (prnewswire.com)

• It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop

• Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)

• 6 of the biggest threats banks faced in 2023 | American Banker

• Study reveals cyber risks to US elections | Computer Weekly

• US to hospitals: Meet security standards or no federal money • The Register

• After Barrage of Hacks, Hospitals Will Face New Federal Cyber Security Rules Tied to Funding (databreaches.net)

• Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)

• Softcat reveals cyber security is top IT priority for the retail sector in 2024 | Retail Technology Review

• Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra

• Cyber security challenges escalate for renewable energy amidst geopolitical crises - NS Energy (nsenergybusiness.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.