Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable

The best defence against a ransomware attack is assuming it will happen before it does.  Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.

Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]

Are You and Your Clients Soft Targets?

Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.

You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.

No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.

Source: [MSSP Alert]

Cyber Attacks Cause Revenue Losses in 42% of Small Businesses

Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.

The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.

Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]

Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company

According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.

Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]

Organisations Can Only Stop 57 Percent of Cyber Attacks

According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.

Source: [Beta News]

Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT

Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.

Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]

Business Email Compromise is Most Common Entry Point for Cyber Attack

According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.

The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.

Sources: [Hiscox] [Digital Journal]

US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures

The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.

The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.

Sources: [The Record] [Security Week ] [Forbes]

Companies Scramble to Integrate Immediate Recovery into Ransomware Plans

A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.

Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.

Source: [Help Net Security]

Your End-Users are Reusing Passwords: That’s a Big Problem

Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.

While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.

Source: [Bleeping Computer]

Cyber Workforce Demand is Outpacing Supply

A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.

To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.

Source: [Cyber Scoop]

What the Boardroom Is Missing: CISOs

According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.

Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.

Source: [Dark Reading]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)

• Part of an executive team? You might be the biggest security risk to your business | TechRadar

• One in five executives have shared work passwords outside the company | Security Magazine

• Half of Execs Request Security Bypass Over Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• Organisations can only stop 57 percent of cyber attacks (betanews.com)

• Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Only 1 in 5 Business Leaders 'Extremely Prepared' to Manage Cyber security Threats at Workplace: Survey Report, Business News - AsiaOne

• 'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)

• Cyber security habits and behaviours executives need to be aware of - Help Net Security

• The hidden costs of data breaches for small businesses - Help Net Security

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

• Cyber security Awareness Month Series: Cyber security is Important for Small Business Too. | Jackson Lewis P.C. - JDSupra

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• Do You Really Need a CISO? (securityintelligence.com)

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

• Is it time to merge your fraud and cyber teams? - Raconteur

• OODA Loop - Deciphering the CISO Accountability Landscape: A Comparative Analysis with the AML Officer's Evolution

• Why there’s no one-size-fits all solution to security maturity | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Never Sleeps - But It Strikes Whilst You Do - Infosecurity Magazine (infosecurity-magazine.com)

• Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• The dangers of dual ransomware attacks - Help Net Security

• Do government sanctions against ransomware groups work? | TechCrunch

• Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)

• Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)

• Why ransomware victims can’t stop paying off hackers | TechCrunch

• Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek

• New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar

• Forty Countries Agree Not to Pay Cyber crime Ransoms - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks set to break records in 2023 - Help Net Security

• Know When and How to Stop Ransomware Attacks (finextra.com)

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• Data Encrypted in 75% of Ransomware Attacks on Healthcare Organisation - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• Boeing Confirms Cyber Attack, System Compromise (darkreading.com)

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Stanford University investigating security incident • The Register

• Clop group obtained access to the email addresses of about 632,000 US federal employees (securityaffairs.com)

• Massive ransomware attack hinders services in 70 German municipalities (therecord.media)

• Medical research exec hit in SIM-swap attack by Alphv gang • The Register

• Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)

• Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch

• Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)

• British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)

• Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Report Links ChatGPT to 1,265% Rise in Phishing Emails - Infosecurity Magazine (infosecurity-magazine.com)

• McAfee Celebrity Hot List 2023 - gHacks Tech News

• Phishing Scams, Bad Actors Bedevil Military Mass Tort Settlements (bloomberglaw.com)

Artificial Intelligence

• Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt

• AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)

• AI is making cyber attacks even smarter and more dangerous | TechRadar

• The People Hacker: AI a Game-Changer in Social Engineering Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Risk managers beware – generative AI spells serious concerns for security | Insurance Business America (insurancebusinessmag.com)

• 28 Countries Sign Bletchley Declaration on Responsible AI - Infosecurity Magazine (infosecurity-magazine.com)

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• UK AI Safety Summit is targeting evil sentience, but there are bigger problems to solve | Tom's Guide

• AI Safety Summit: OWASP Urges Governments to Agree on AI Standards - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprise AI applications are threatening security | TechRadar

• What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)

• ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• The future of AIs fighting AIs is already here - POLITICO

• AI promises incredible benefits, but also terrible risks. It’s not luddism to rein it in | Sonia Sodha | The Guardian

Malware

• Over a million Windows and Linux systems infected by this tricky new malware | TechRadar

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Daily malware activity doubled year over year for small businesses | Security Magazine

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

• Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar

• Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)

• These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)

• Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)

• Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)

• Latest RAT attack surge bypasses Microsoft's XLL block • The Register

• Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)

Mobile

• 16 more infected Android apps you need to delete ASAP (bgr.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

• Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica

• New banking scams delivered instantly via WhatsApp - F-Secure Blog

• Every day, half a million malware apps are created for scamming. Who’s behind them? - CNA (channelnewsasia.com)

• Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag

• Google One data breach: Dark web report at your hand - gHacks Tech News

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

Denial of Service/DoS/DDOS

• DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar

• Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)

Internet of Things – IoT

• IoT's convenience comes with cyber security challenges - Help Net Security

• RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)

Data Breaches/Leaks

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

• ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)

• LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)

• Public exposure of data breaches is becoming inevitable – Help Net Security

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

• Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)

Organised Crime & Criminal Actors

• ‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

• How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

• Sam Bankman-Fried found guilty of defrauding FTX customers out of billions | Sam Bankman-Fried | The Guardian

Insider Risk and Insider Threats

• How human behaviour research informs security strategies - Help Net Security

Insurance

• The rise of the cyber security insurance market | CSO Online

• Cyber insurance: why it pays to be responsible | TechRadar

Supply Chain and Third Parties

• N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

Cloud/SaaS

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)

• Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register

• Microsoft is Getting Serious About Security. Again. - Thurrott.com

• Microsoft is overhauling its software security after major Azure cloud attacks - The Verge

Identity and Access Management

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• UK Banks Warn Quantum Will Imperil Entire Payment System - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)

• One in five executives have shared work passwords outside the company | Security Magazine

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

Social Media

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

Malvertising

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

Training, Education and Awareness

• Finding the right approach to security awareness - Help Net Security

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

Regulations, Fines and Legislation

• FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)

• The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• Setting the standard for cyber security across the EU | Business Post

Models, Frameworks and Standards

• Top 12 IT security frameworks and standards explained | TechTarget

• MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile  - SecurityWeek

Careers, Working in Cyber and Information Security

• UK cyber skills gap grows 29% despite record hiring (computing.co.uk)

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• Cyber security workforce shortages: 67% report people deficits - Help Net Security

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

Law Enforcement Action and Take Downs

• Pirate IPTV network in Austria dismantled and $1.74 million seized (bleepingcomputer.com)

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• Cyber War: Power, Prestige, International Governance, and Strategy in the Age of Global Polycrisis

Geopolitical Threats/Activity

• Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)

• New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

China

• Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters

• Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop

Russia

• Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger

• IT Army of Ukraine disrupted internet providers in territories occupied by Russia (securityaffairs.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

• Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

• FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)

• Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)

• A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

Iran

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• In Cyber attacks, Iran Shows Signs of Improved Hacking Capabilities - The New York Times (nytimes.com)

• New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE

• FBI Director Warns of Increased Iranian Attacks (darkreading.com)

• Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)

• 'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)

North Korea

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• North Korean Hackers Target macOS Crypto Engineers With Kandykorn - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• 20 Years Later, Is Patch Tuesday Enough? (darkreading.com)

• CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)

• Vulnerability management metrics: How to measure success - Help Net Security

• From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security

• It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)

Vulnerabilities

• Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)

• F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)

• Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek

• Chrome 119 Patches 15 Vulnerabilities - SecurityWeek

• Atlassian warns users: patch critical Confluence flaw ASAP • The Register

• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)

• Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)

• D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)

• 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)

• More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)

• No patches yet for Apple iLeakage side-channel attack | TechTarget

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

Tools and Controls

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Vulnerability management metrics: How to measure success - Help Net Security

• 6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)

• Ethical hackers are helping more and more business stay safe | TechRadar

• Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)

• Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)

• The state of API security in 2023 | InfoWorld

• Is There a Silver Bullet in Threat Detection? | MSSP Alert

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Defence in depth: Layering your security coverage (securityintelligence.com)

• Finding the right approach to security awareness - Help Net Security

• Is state intervention needed for cyber insurance? (ft.com)

• CISA Announces New Release of Logging Made Easy | CISA

• Security Advice For Virtualization: Protecting Information And Programs (informationsecuritybuzz.com)

• Mainframes are around to stay, it’s time to protect them - Help Net Security

• Responsible Cyber Operations: From Theory to Reality - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

Cyber Readiness Report 2023 UK - Hiscox

Other News

• Are You and Your Clients Soft Targets? | MSSP Alert

• Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)

• ING CISO says data sharing is key to financial cyber security (finextra.com)

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times

• Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg

• Microsoft launches Secure Future Initiative to bolster security | TechTarget

• The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)

• 9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)

• How governments can keep data secure in a digital age - New Statesman

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• Preventing and preparing for law firm cyber security attacks is fundamental to success | Casetext - JDSupra

• Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design

• Demystifying the top five OT security myths | Computer Weekly

• 20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)

• Construction among industries most at risk from cyber attacks, insurer warns | News | Building

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How to Keep Cyber Attacks from Tanking Your Balance Sheet

According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.

The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.

When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.

https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet

• Company Size Doesn’t Matter When It Comes to Cyber Attacks

65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).

Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.

https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

• ‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.

Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.”  Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.

https://www.thetimes.co.uk/article/exceptional-cyberattacks-now-normal-says-bt-security-chief-nd2kfp3gc

• How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.

Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.

Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.

https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/

• Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.

In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.

https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

• Don't be Polite When you Get a Text from a Wrong Number

You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.

https://www.kens5.com/article/money/consumer/wrong-number-text-messages/273-c94cd68b-6117-4add-bf16-e010f7e16726

• Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.

The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.

https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.

This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.

https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season

• Organisations Spend 100 Hours Battling Post-Delivery Email Threats

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.

Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.

https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/

• Ransomware Gangs Adopting Business-like Practices to Boost Profits

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.

The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.

https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/

• The Sobering Truth about Ransomware—for the 80% Who Paid Up

Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.

Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.

https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up 

• The Great CISO Resignation: Why Security Leaders are Quitting in Droves

With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.

This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?

https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05/

• When is it Time for a Cyber Hygiene Audit?

Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.

Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.

An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.

https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html

Governance, Risk and Compliance

• Company size doesn't matter when it comes to cyber attacks - Help Net Security

• How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The great CISO resignation: Why security leaders are quitting in droves - SDxCentral

• ‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)

• Breaking Enterprise Silos and Improving Protection – Security Week

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Attackers leave organisations with no recovery option - Help Net Security

• Ransomware Gangs Adopting Business-like Practices to Boost Profits - Infosecurity Magazine (infosecurity-magazine.com)

• The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)

• Rogue IT security worker failed to cover his tracks | Tripwire

• Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week

• The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)

• Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment

• AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)

• BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)

• BlackCat claims the hack of the Casepoint legal technology platform used by US agencies - Security Affairs

• Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)

• Fighting ransomware: Perspectives from cyber security professionals - Help Net Security

Ransomware Victims

• New York county still dealing with ransomware 8 months later • The Register

• ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week

• MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)

• Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)

• Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

Phishing & Email Based Attacks

• Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security

• Organisations spend 100 hours battling post-delivery email threats - Help Net Security

• Phishing remained the top identity abuser in 2022: IDSA report | CSO Online

• DocuSign-themed email leads to script-based infection

• New phishing technique poses as a browser-based file archiver | CSO Online

• Nigerian Cyber crime Ring's Phishing Tactics Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)

• North Korean phishing gang stole rocket tech info • The Register

Artificial Intelligence

• AI is 'a nuclear bomb and the entire world has already got it,' Palantir ethics expert warns (yahoo.com)

• Artificial intelligence is similar extinction risk as nuclear war and pandemics, say experts | Science & Tech News | Sky News

• AI: War crimes evidence erased by social media platforms - BBC News

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)

• What not to share with ChatGPT if you use it for work | Mashable

• Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends

• Generative AI: The new attack vector for trust and safety - Help Net Security

• What are the concerns around AI and are some of the warnings 'baloney'? | Science & Tech News | Sky News

2FA/MFA

• PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com)

Malware

• QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

• DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)

• Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)

• Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)

• PyPI malware ramps up the threat to the code repository • The Register

• Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)

• Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Mobile

• Don't be polite when you get a text from a wrong number | kens5.com

• Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)

• Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)

• Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)

Botnets

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Threatening botnets can be created with little code experience… – Unified Networking (unifiedguru.com)

• What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)

• CAPTCHA-Breaking Services with Human Solvers Helping Cyber criminals Defeat Security (thehackernews.com)

Denial of Service/DoS/DDOS

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

Internet of Things – IoT

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• How Safe Is Your Wearable Device? (darkreading.com)

• Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)

• Solar panels vulnerable to hackers, concern for network security - DutchNews.nl

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)

• Dutch watchdog looking into alleged Tesla data breach | Reuters

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• The root causes of API incidents and data breaches - Help Net Security

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Retailer Database Error Leaks Over One Million Customer Records - Infosecurity Magazine (infosecurity-magazine.com)

• Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs

Organised Crime & Criminal Actors

• Types of Cyber Crime: A Comprehensive Guide to Uncover and Prevent Digital Attacks - Security Boulevard

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

• What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online

• New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)

• Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)

Insider Risk and Insider Threats

• Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | Tesla | The Guardian

• Rogue IT security worker failed to cover his tracks | Tripwire

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Fraud, Scams & Financial Crime

• Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

Insurance

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)

Dark Web

• The Dark Web: Exploring the Hidden Internet | TechSpot

Supply Chain and Third Parties

• Capita cyber attack: 90 organisations report data breaches | Capita | The Guardian

• Cyber Actors Impact Daily Life in Attacks on Critical Infrastructure, Supply Chains, Report Says - MSSP Alert

Software Supply Chain

• CISO-approved strategies for software supply chain security - Help Net Security

• Where SBOMs Stand Today (darkreading.com)

Cloud/SaaS

• One of Microsoft Azure's top tools has a serious security flaw | TechRadar

• Top public cloud security concerns for the media and entertainment industry - Help Net Security

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Why organisations should adopt a cloud cyber security framework - Help Net Security

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

• Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace (darkreading.com)

Hybrid/Remote Working

• Navigating cyber security in the age of remote work - Help Net Security

Shadow IT

• The shadow IT fight — 2023 style | Computerworld

Identity and Access Management

• Digital nomads drive changes in identity verification - Help Net Security

Encryption

• After 28 years, SSLv2 is still not gone from the internet... but we're getting there

API

• The root causes of API incidents and data breaches - Help Net Security

Open Source

• 2 Lenses for Examining the Safety of Open Source Software (darkreading.com)

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Passwords, Credential Stuffing & Brute Force Attacks

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Swiss real estate agency Neho fails to put a password on its systems - Security Affairs

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

Social Media

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• Twitter pulls out of voluntary EU disinformation code - BBC News

• AI: War crimes evidence erased by social media platforms - BBC News

Malvertising

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

Training, Education and Awareness

• Building an Effective Cyber security Training Program (hbr.org)

Travel

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)

• US court finds that border phone searches need a warrant • The Register

Parental Controls and Child Safety

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Regulations, Fines and Legislation

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

• Netflix warns it may remove content from UK catalogue over government media bill | The Independent

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Models, Frameworks and Standards

• Why organisations should adopt a cloud cyber security framework - Help Net Security

Data Protection

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

Careers, Working in Cyber and Information Security

• Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)

• Managing mental health in cyber security - Help Net Security

• ISACA pledges to help grow cyber security workforce in Europe | CSO Online

Law Enforcement Action and Take Downs

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

Privacy, Surveillance and Mass Monitoring

• The answer to the FBI's advanced persistent threat • The Register

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Twitter pulls out of voluntary EU disinformation code - BBC News

• The 2024 race promises to be 'very, very active' in terms of foreign and domestic meddling, says former CISA chief | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine war blurs lines between cyber crims and state hacks • The Register

• Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED

• Chinese State-Backed Cyber Operatives Threaten Critical Infrastructure in Espionage Campaign - MSSP Alert

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Predator may have more spyware capabilities than we know • The Register

• Cyber Army! US Mulls Creating A New Military Unit That Can 'Track & Whack' Chinese, Russian Aggression (eurasiantimes.com)

• Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)

• Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• AI: War crimes evidence erased by social media platforms - BBC News

Nation State Actors

• How APTs target SMBs - Help Net Security

• Chinese hackers seeking ways to cripple infrastructure 'likely to have targeted UK operators' (inews.co.uk)

• China hacking Guam: Can the US stop foreign cyber attacks? | The Week

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• Investigation Launched After London City Airport Website Hacked (simpleflying.com)

• Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times

• North Korea says spy satellite launch crashed into sea - BBC News

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)

• The next Chinese tech threat is already here | The Spectator

• North Korean phishing gang stole rocket tech info • The Register

• North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Vulnerability Management

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• 3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them (thehackernews.com)

• Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)

Vulnerabilities

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Zero-day vulnerability in MoveIt Transfer under attack | TechTarget

• Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)

• Chrome 114 Released With 18 Security Fixes – Security Week

• WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)

• WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)

• Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)

• Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

• Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)

• Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

• Barracuda Email Security Gateway under active attack • The Register

• MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)

• FTC accuses Amazon of nightmare IoT security fails • The Register

• Critical Vulnerabilities Found in Faronics Education Software – Security Week

Tools and Controls

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• 6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cyber crime (thehackernews.com)

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• Digital nomads drive changes in identity verification - Help Net Security

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• The Top 10 endpoint security challenges and how to overcome them | VentureBeat

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Disaster recovery challenges enterprise CISOs face - Help Net Security

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru

Reports Published in the Last Week

• Global Threat Intelligence Report April (blackberry.com)

• Top Cyber attacks Revealed in New Threat Intelligence Report (darkreading.com)

Other News

• Undetected Attacks Against Middle East Targets Conducted Since 2020 (darkreading.com)

• 8 best practices for securing your Mac from hackers in 2023 (techrepublic.com)

• Hot Pixels attack checks CPU temp, power changes to steal data (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Boards Need Better Conversations About Cyber Security

In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.

Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.

As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.

https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

• Uber’s Ex-Security Chief Sentenced for Security Breach

Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.

The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.

https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347

• Global Cyber Attacks Rise by 7% in Q1 2023

Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.

The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.

https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/

• Three-Quarters of Firms Predict a Breach in the Coming Year

Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.

While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.

Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/

• The Costly Threat That Many Businesses Fail to Address

Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.

Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.

https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/

• European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.

Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.

https://www.itsecurityguru.org/2023/05/03/european-data-at-risk-with-tick-box-gdpr-compliance-and-high-cyberattack-volumes

• Understanding Cyber Threat Intelligence for Business Security

Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.

Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.

https://www.forbes.com/sites/forbestechcouncil/2023/05/04/understanding-cyber-threat-intelligence-for-business-security

• Hackers Are Finding Ways to Evade Latest Cyber Security Tools

As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.

Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.

https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html

• Study Shows a 27% Spike in Publicly Known Ransomware Victims

A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.

The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.

https://www.msspalert.com/cybersecurity-news/guidepoint-study-shows-a-27-spike-in-public-ransomware-victims/

• Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).

Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.

https://www.theregister.com/2023/05/02/data_breach_costs_rise/

• Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.

https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/

• 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.

• Recognise that priorities have evolved.

• Understand that security burdens have changed.

• Understand why, despite best efforts, criminals are still successful.

• Evaluate the ways in which you are protecting your most vulnerable data.

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2023/05/02/4-ways-leaders-should-reevaluate-their-cybersecuritys-focus/

Threats

Ransomware, Extortion and Destructive Attacks

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• Merck's $1.4B NotPetya insurance payout upheld by court • The Register

• GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert

• Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)

• The Tragic Fallout From a School District’s Ransomware Breach | WIRED

• Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)

• ‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

• BlackCat group releases screenshots of stolen Western Digital data | CSO Online

• Ransomware Attack Affects Dallas Police, Court Websites – Security Week

• Studies show ransomware has already caused patient deaths | TechTarget

• Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)

• Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch

• Ransomware Attack Disrupts IT Network at Hardenhuish School - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)

• Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)

• Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette

• Bitmarck Halts Operations Due to Cyber security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom

Phishing & Email Based Attacks

• Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)

• A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Crooks show they don't need ChatGPT to scam victims • The Register

Malware

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Security experts are using malware's own code to protect potential victims | TechSpot

• New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)

• How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)

• Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)

• Anatomy of a Malicious Package Attack (darkreading.com)

Mobile

• Android Apps Fail to Protect User Data During Device Transfer - Infosecurity Magazine (infosecurity-magazine.com)

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Google fought a mountain of malware in 2022 | Android Central

• Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)

• Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

Botnets

• Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security

• Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert

Denial of Service/DoS/DDOS

• What’s the Difference Between a DOS and DDoS Attack? (howtogeek.com)

Internet of Things – IoT

• Top 5 IoT Security Risks In 2023 - The Cyber Express

• Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

• Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)

Data Breaches/Leaks

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attack sparks fears that criminals could target UK gun owners for firearms | Cyber crime | The Guardian

• UK Gun Owners May Be Targeted After Rifle Association Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi

• T-Mobile suffered the second data breach in 2023 - Security Affairs

• Sensitive data is being leaked from servers running Salesforce software | Ars Technica

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• Sensitive files about Royal Navy submarine reportedly found in pub toilet | Royal Navy | The Guardian

• Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

Organised Crime & Criminal Actors

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market-Security Affairs

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Man Gets Four Years for Stealing Bitcoin Seized by Feds - Infosecurity Magazine (infosecurity-magazine.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• Hackers stole $93M from crypto projects in April (cryptoslate.com)

Insider Risk and Insider Threats

• The costly threat that many businesses fail to address - Help Net Security

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

Fraud, Scams & Financial Crime

• Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)

• Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security

• UK to ban all cold calls selling financial products - BBC News

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

• UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)

• National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)

• Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian

AML/CFT/Sanctions

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

Dark Web

• Why the Things You Don't Know about the Dark Web May Be Your Biggest Cyber security Threat (thehackernews.com)

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Supply Chain and Third Parties

• How to keep calm and carry on in a supply chain attack • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED

• DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED

• Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)

Cloud/SaaS

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Cloud security threats are growing faster than ever | TechRadar

Hybrid/Remote Working

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• White House seeks information on tools used for automated employee surveillance | Computerworld

Attack Surface Management

• Reigning in ‘Out-of-Control’ Devices – Security Week

Encryption

• The UK’s online safety bill will not keep us safe | Financial Times (ft.com)

API

• Report shows 92% of orgs experienced an API security incident last year | VentureBeat

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• OpenAI Threatens Popular GitHub Project With Lawsuit Over API Use | Tom's Hardware (tomshardware.com)

• 5 API security best practices you must implement - Help Net Security

• Enterprise Strategy Group Research Reveals 75% of Organisations Change or Update APIs on a Daily or Weekly Basis (darkreading.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

Open Source

• Unpaid open source maintainers struggle with increased security demands - Help Net Security

• Anatomy of a Malicious Package Attack (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Your passwords could be cracked using thermal cameras powered by AI | TechRadar

• Your Google Account is getting rid of its password (androidpolice.com)

• PSA. Don’t share your password in your app’s release notes • Graham Cluley

Social Media

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

• Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Malvertising

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads (thehackernews.com)

Regulations, Fines and Legislation

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• UK readers may lose access to Wikipedia amid online safety bill requirements | UK news | The Guardian

• White House unveils AI rules to address safety and privacy | Computerworld

Governance, Risk and Compliance

• Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)

• Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• There’s No Silver Bullet for Cyber security (hbr.org)

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Boards Are Having the Wrong Conversations About Cyber security (hbr.org)

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)

• Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert

• Why Your Detection-First Security Approach Isn't Working (thehackernews.com)

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

• What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)

• 4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)

• Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)

• Malicious content lurks all over the web - Help Net Security

• Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)

• Closing up holes: Infoseccers on being less reactive • The Register

• Organisations brace for cyber attacks despite improved preparedness - Help Net Security

• Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)

• Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)

Secure Disposal

• Your decommissioned routers could be a security disaster | Network World

Careers, Working in Cyber and Information Security

• The importance of being certified • The Register

• UK Cyber Security Council launches certification mapping tool - Help Net Security

• DHS’ cyber talent management system slowly gaining traction | Federal News Network

• The warning signs for security analyst burnout and ways to prevent - Help Net Security

• Google Launches Cyber security Career Certificate Program (darkreading.com)

Law Enforcement Action and Take Downs

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET

• White House seeks information on tools used for automated employee surveillance | Computerworld

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Artificial Intelligence

• 5 ways threat actors can use ChatGPT to enhance attacks | CSO Online

• Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)

• AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)

• Microsoft’s chief economist says A.I. can be dangerous | Fortune

• It's time to harden AI and ML for cyber security | TechTarget

• Stop using generative-AI tools, Samsung orders staff | Digital Trends

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• How AI is reshaping the cyber security landscape - Help Net Security

• White House unveils AI rules to address safety and privacy | Computerworld

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Misinformation, Disinformation and Propaganda

• Is misinformation the newest malware? | CSO Online

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)

• Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek

• Cat and mouse game: Russian satellite appears to chase US military satellite in space (firstpost.com)

• Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs

• Russia’s APT28 targets Ukraine with bogus Windows updates • The Register

• Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)

• Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

Nation State Actors

• APT groups muddying the waters for MSPs | WeLiveSecurity

• China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert

• Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek

• China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)

• 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)

• APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)

• APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)

• US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business

• China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)

• Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop

• BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups (thehackernews.com)

• Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)

• North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)

• ‘We have survived!’: China’s Huawei goes local in response to US sanctions | Financial Times (ft.com)

• Apple is a Chinese company | Financial Times (ft.com)

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)

Vulnerability Management

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

Vulnerabilities

• WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)

• Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs

• Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)

• Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)

• AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)

• Chrome 113 Released With 15 Security Patches - SecurityWeek

• Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek

• Some of the top AMD chips are suffering a serious security flaw | TechRadar

Tools and Controls

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• 86 percent of developers knowingly deploy vulnerable code (betanews.com)

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reigning in ‘Out-of-Control’ Devices – Security Week

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• The pros and cons of VPNs for enterprises | TechTarget

• It's time to harden AI and ML for cyber security | TechTarget

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Using multiple solutions adds complexity to your zero trust strategy - Help Net Security

• Your decommissioned routers could be a security disaster | Network World

• Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)

• 5 API security best practices you must implement - Help Net Security

• 3 questions CISOs expect you to answer during a security pitch | TechCrunch

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• 4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• AppSec Making Progress or Spinning Its Wheels? (darkreading.com)

• Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

• How AI is reshaping the cyber security landscape - Help Net Security

• Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat

• Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• New Generative AI Tools Aim to Improve Security (darkreading.com)

Other News

• Firmware Looms as the Next Frontier for Cyber security (darkreading.com)

• Open Banking: A Perfect Storm for Security and Privacy? – Security Week

• Malicious content lurks all over the web - Help Net Security

• How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)

• Eric Idle tells RSAC to look in the bright side of life • The Register

• Your decommissioned routers could be a security disaster | Network World

• FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)

• Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks

Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.

https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan

• Mobile Users are More Susceptible to Phishing Attacks

A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.

https://www.msspalert.com/cybersecurity-research/mobile-users-more-susceptible-to-phishing-attacks-than-two-years-ago/

• Phishing as a Service Stimulates Cyber Crime

Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.

https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html

• Attacker Breakout Time Drops to Just 84 Minutes

The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.

https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/

• Attackers are Developing and Deploying Exploits Faster Than Ever

A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.

https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/

• Old Vulnerabilities are Haunting Organisations and Aiding Attackers

Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.

https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/

• Scams Drive Nearly $9bn Fraud Surge in 2022

Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.

https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/

• Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This

The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.

https://www.csoonline.com/article/3689008/economic-pressures-are-increasing-cybersecurity-risks-a-recession-would-amp-them-up-more.html

• Cyber Security in this Era of Polycrisis

A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.

https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions

Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.

https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/

• Ransomware Attacks Ravaged Big Names in February

Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.

https://www.techtarget.com/searchsecurity/news/365532056/Ransomware-attacks-ravaged-big-names-in-February

• Firms Who Pay Ransoms Subsidise New Attacks

A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.

https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/

• How the Ukraine War Opened a Fault Line in Cyber Crime

A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.

https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever

Threats

Ransomware, Extortion and Destructive Attacks

• Firms Who Pay Ransom Subsidise 10 New Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek

• Ransomware attacks ravaged big names in February | TechTarget

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)

• 'Ethical hacker' among ransomware suspects arrested • The Register

• Wiper malware goes global, destructive attacks surge - Help Net Security

• A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)

• New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)

• PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)

• Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)

• Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)

• US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

• Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley

• US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)

Phishing & Email Based Attacks

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Phishing as a Service Stimulates Cyber crime (trendmicro.com)

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

BEC – Business Email Compromise

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Expert strategies for defending against multilingual email-based attacks - Help Net Security

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

• The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)

• How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)

2FA/MFA

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)

• Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)

• Malicious package flood on PyPI might be sign of new attacks to come | CSO Online

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

• It's official: BlackLotus malware can bypass secure boot • The Register

• Threat actors target law firms with GootLoader and SocGholish--Security Affairs

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

Mobile

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security

Denial of Service/DoS/DDOS

• Danish Hospitals Struck By Cyber attack From ‘Anonymous Sudan’ (informationsecuritybuzz.com)

Data Breaches/Leaks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)

• More than 200 cyber attacks with theft of personal data reported to Irish authorities in a year (thejournal.ie)

• Threat actors leak Activision employee data on hacking forum--Security Affairs

• 10 US states that suffered the most devastating data breaches in 2022 - Help Net Security

• Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews

• WH Smith targeted by cyber attack with hackers accessing data on current and former employees | Business News | Sky News

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

• Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)

• GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs

• Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)

• What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)

Organised Crime & Criminal Actors

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register

• Highly evasive cryptocurrency miner targets macOS--Security Affairs

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

Insider Risk and Insider Threats

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Fraud, Scams & Financial Crime

• Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security

• Resecurity identified the investment scam network Digital Smoke - Help Net Security

• Pig butchering scam explained: Everything you need to know (techtarget.com)

AML/CFT/Sanctions

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

Insurance

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• The future of cyber insurance - IT Security Guru

Dark Web

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Supply Chain and Third Parties

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

Software Supply Chain

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• SBOM is a 'massive galaxy of mess' for supply chain security • The Register

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Cloud/SaaS

• How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)

• Cloud incident response: Frameworks and best practices | TechTarget

• Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security

• It only takes one over-privileged identity to do major damage to a cloud - Help Net Security

• SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security

• What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)

• Public SaaS Assets Are a Major Risk For Medium, Large Firms - Infosecurity Magazine (infosecurity-magazine.com)

• New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)

Containers

• Hackers Exploit Containerized Environments to Steals Proprietary Data and Software (thehackernews.com)

Hybrid/Remote Working

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• How to work from home securely, the NSA way (malwarebytes.com)

Encryption

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

API

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Should organisations swear off open-source software altogether? | VentureBeat

• Top 10 open source software risks for 2023 | CSO Online

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Social Media

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• TikTok answers three big cyber-security fears about the app - BBC News

• Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica

Training, Education and Awareness

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

Parental Controls and Child Safety

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Regulations, Fines and Legislation

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Cyber resilience in focus: EU act to set strict standards - Help Net Security

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• White House to Take Aggressive Stance Mandating Private Industry Make Systems Cyber Safe - MSSP Alert

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Governance, Risk and Compliance

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)

• The Importance of Recession-Proofing Security Operations (darkreading.com)

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Decrypting Cyber Risk Quantification (trendmicro.com)

• How to de-risk your digital ecosystem | CSO Online

• CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek

Models, Frameworks and Standards

• CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping (bleepingcomputer.com)

Careers, Working in Cyber and Information Security

• Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert

• Top 7 cybersecurity jobs in high demand (cointelegraph.com)

• Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)

• Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert | Computer Weekly

• Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert

• CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)

Law Enforcement Action and Take Downs

• 'Ethical hacker' among ransomware suspects arrested • The Register

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)

• How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)

Artificial Intelligence

• Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)

• ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Misinformation, Disinformation and Propaganda

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

Nation State Actors

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

• TikTok answers three big cyber-security fears about the app - BBC News

• Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)

• Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)

Vulnerability Management

• Unpatched old vulnerabilities continue to be exploited: Report | CSO Online

• All CVEs Are Not Created Equal (darkreading.com)

Vulnerabilities

• A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica

• Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig (portswigger.net)

• Popular IBM file transfer tool vulnerable to cyber attacks, CISA says - The Record from Recorded Future News

• Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs

• All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)

• CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)

• Security Defects in TPM 2.0 Spec Raise Alarm - SecurityWeek

• Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)

• Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)

• Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)

Tools and Controls

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)

• Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security

• How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat

• Zero trust: building a mixed estate - NCSC.GOV.UK

• Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• A new AI-based tool to detect DDoS attacks

• CISA Shares Advice to Improve Networks' Monitoring and Hardening - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - Microsoft Security Blog

• Accurately assessing the success of zero-trust initiatives | TechTarget

Other News

• Attackers are developing and deploying exploits faster than ever - Help Net Security

• Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)

• Moving target defence must keep cyber attackers guessing - Help Net Security

• Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security

• Dormant accounts are a low-hanging fruit for attackers - Help Net Security

• Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)

• News Corp says state hackers were on its network for two years (bleepingcomputer.com)

• UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs

• To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)

• Feds accuse Google of destroying evidence in antitrust case • The Register

• Microsoft recommending you scan more Exchange server files • The Register

• CISA director urges tech sector to stop shipping unsafe products | CyberScoop

• Developers can make a great extension of your security team - Help Net Security

• 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)

• Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security

• Wiz execs: Most overhyped security tool is technology itself • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

• Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

• The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

• Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

• Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

• CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

• Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

• HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

• Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

• A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

• Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

• Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

• The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

• Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

• HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)

• An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)

• A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)

• Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)

• Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)

• Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

• Royal Mail resumes overseas deliveries via post offices after cyber-attack | Royal Mail | The Guardian

• LockBit gang takes credit for attack on water utility in Portugal - The Record from Recorded Future News

• IBM: Ransomware defenders showing signs of improvement | TechTarget

• ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert

• Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)

• Warnings were issued over a log-in system used by Cork university in weeks before cyber attack (thejournal.ie)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs

• Student Medical Records Exposed After LAUSD Breach (darkreading.com)

Phishing & Email Based Attacks

• Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online

• Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)

• Big rise in 'email thread hijacking' by cyber criminals (rte.ie)

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing as a Service (cyberark.com)

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

BEC – Business Email Compromise

• Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering, deception becomes increasingly sophisticated-Security Affairs

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)

2FA/MFA

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

Malware

• GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (thehackernews.com)

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

• Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica

• Researchers warn of 'Havoc' command and control tool • The Register

• New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)

• Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs

• New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)

• Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Defenders on high alert as backdoor attacks become more common - Help Net Security

Mobile

• Five easy steps to keep your smartphone safe from hackers | ZDNET

• Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cybercrime Ecosystem” on Messaging App - CPO Magazine

• Accidental WhatsApp account takeovers? It's a thing • The Register

• Google will boost Android security through firmware hardening (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Seven German Airports Hit by Suspected Cyber Attack (heimdalsecurity.com)

• 4 Tips to Guard Against DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Locking down the remote printer • The Register

• Are your IoT devices at risk? Cyber security concerns for 2023 - Help Net Security

Data Breaches/Leaks

• Sensitive US military emails exposed by unsecured Azure server • The Register

• DNA testing firm inks settlement after forgotten DB break-in • The Register

• Activision did not notify employees of data breach for months | TechCrunch

• GoDaddy blasted for breach response | SC Media (scmagazine.com)

• TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET

• Russian cyber crime alliances upended by Ukraine invasion • The Register

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cyber crime Ecosystem” on Messaging App - CPO Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

• Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)

• ‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)

• Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insider Risk and Insider Threats

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)

• Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security

Fraud, Scams & Financial Crime

• Overwhelm impacts 90% of payment compliance teams as they combat record levels of fraud - IT Security Guru

• The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)

• Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar

• ‘They bleed you dry’: the recruitment scammers preying on Australian job seekers | Australia news | The Guardian

• City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insurance

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Supply Chain and Third Parties

• UK NCSC Launches Recommendations on Supply Chain Mapping - Infosecurity Magazine (infosecurity-magazine.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps (darkreading.com)

• 3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)

Software Supply Chain

• This Will Be the Year of the SBOM, for Better or for Worse (darkreading.com)

Cloud/SaaS

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• Four steps SMBs can take to close SaaS security gaps - Help Net Security

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)

• Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert

Containers

• 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities (darkreading.com)

Encryption

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

API

• Why people-driven remediation is the key to strong API security - Help Net Security

• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector | The Daily Swig (portswigger.net)

Open Source

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

Social Media

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Malvertising

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

Training, Education and Awareness

• Global threats fuel cyber defence training • The Register

Parental Controls and Child Safety

• Over confidence is putting children at risk online says Kaspersky research - IT Security Guru

Regulations, Fines and Legislation

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert

• Benchmarking your cyber security budget in 2023 | VentureBeat

• Security breach? Don’t blame your employees | TechCrunch

• 7 reasons to avoid investing in cyber insurance | CSO Online

• 5 top threats from 2022 most likely to strike in 2023 | CSO Online

• Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online

• Malicious actors push the limits of attack vectors - Help Net Security

Data Protection

• ICO Calls on Accountants to Improve SME Data Protection - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• CISOs struggle with stress and limited resources - Help Net Security

• Stress pushing CISOs out the door | CSO Online

• Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security

Law Enforcement Action and Take Downs

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Supreme Court declines to hear Wikimedia case against NSA surveillance program | CyberScoop

Artificial Intelligence

• MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Security Experts Warn of Foreign Cyber Threat to 2024 Voting - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Musk restricts Starlink for Ukraine, cites World War III | Fortune

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Russia blames 'hackers' for fake missile strike alerts • The Register

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

• British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

Nation State Actors

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• EU Cyber security Agency Warns Against Chinese APTs - Infosecurity Magazine (infosecurity-magazine.com)

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Russian spy working inside as security in a British embassy has been jailed for 13 years | UK News | Sky News

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• EU Organisations Warned of Chinese APT Attacks - SecurityWeek

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)

• Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Vulnerability Management

• CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Vulnerabilities

• US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)

• Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy (thehackernews.com)

• SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit-Security Affairs

• A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED

• VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)

• New Privilege Escalation Bug Class Found on macOS and iOS - Infosecurity Magazine (infosecurity-magazine.com)

• PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs

• Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek

• Hackers Exploit Privilege Escalation Flaw on Windows Backup Service - Infosecurity Magazine (infosecurity-magazine.com)

• Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)

• Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget

• Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security

Tools and Controls

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• 10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)

• Modern Software: What's Really Inside? (darkreading.com)

• Why privileged access management should be critical to your security strategy | VentureBeat

• The battle for data security now falls on developers; here’s how they can win | VentureBeat

• Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat

• Advantages of the AWS Security Maturity Model (trendmicro.com)

Other News

• Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

• NSA shares guidance on how to secure your home network (bleepingcomputer.com)

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• Malicious actors push the limits of attack vectors - Help Net Security

• Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)

• Is OWASP at Risk of Irrelevance? (darkreading.com)

• Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)

• How to Detect New Threats via Suspicious Activities (thehackernews.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

• White House cyber security strategy to force large companies to make systems secure by design | CyberScoop

• Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• LastPass Admits Attackers have an Encrypted Copy of Customers’ Password Vaults 

Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contain the passwords to their accounts.

In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that in the August 2022 attack “some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.” Those creds allowed the attacker to copy information “that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

The update reveals that the attacker also copied “customer vault” data, the file LastPass uses to let customers record their passwords. That file “is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” The passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password”.

LastPass’ advice is that even though attackers have that file, customers who use its default settings have nothing to do as a result of this update as “it would take millions of years to guess your master password using generally-available password-cracking technology.” One of those default settings is not to re-use the master password that is required to log into LastPass. The outfit suggests you make it a complex credential and use that password for just one thing: accessing LastPass.

LastPass therefore offered the following advice to individual and business users: If your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimising risk by changing passwords of websites you have stored.

LastPass’s update concludes with news it decommissioned the systems breached in August 2022 and has built new infrastructure that adds extra protections.

https://www.theregister.com/2022/12/23/lastpass_attack_update/

• Ransomware Attacks Increased 41% In November

Ransomware attacks rose 41% last month as groups shifted among the top spots and increasingly leveraged DDoS attacks, according to new research from NCC Group.

A common thread of NCC Group's November Threat Pulse was a "month full of surprises," particularly related to unexpected shifts in threat actor behaviour. The Cuba ransomware gang resurged with its highest number of attacks recorded by NCC Group. Royal replaced LockBit 3.0 as the most active strain, a first since September of last year.

These factors and more contributed to the significant jump in November attacks, which rose from 188 in October to 265.

"For 2022, this increase represents the most reported incidents in one month since that of April, when there were 289 incidents, and is also the largest month-on-month increase since June-July's marginally larger increase of 47%," NCC Group wrote in the report.

Operators behind Royal ransomware, a strain that emerged earlier this year that operates without affiliates and utilises intermittent encryption to evade detection, surpassed LockBit 3.0 for the number one spot, accounting for 16% of hack and leak incidents last month.

https://www.techtarget.com/searchsecurity/news/252528505/NCC-Group-Ransomware-attacks-increased-41-in-November

• The Risk of Escalation from Cyber Attacks Has Never Been Greater

In 2022, an American dressed in his pyjamas took down North Korea’s Internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack.

In 2023, the world might not get so lucky. There will almost certainly be a major cyber attack. It could shut down Taiwan’s airports and trains, paralyse British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.

This is because cyber weapons are different from conventional ones. They are cheaper to design and wield. That means great powers, middle powers, and pariah states can all develop and use them.

More important, missiles come with a return address, but virtual attacks do not. Suppose in 2023, in the coldest weeks of winter, a virus shuts down American or European oil pipelines. It has all the markings of a Russian attack, but intelligence experts warn it could be a Chinese assault in disguise. Others see hints of the Iranian Revolutionary Guard. No one knows for sure. Presidents Biden and Macron have to decide whether to retaliate at all, and if so, against whom … Russia? China? Iran? It's a gamble, and they could get unlucky.

Neither country wants to start a conventional war with one another, let alone a nuclear one. Conflict is so ruinous that most enemies prefer to loathe one another in peace. During the Cold War, the prospect of mutual destruction was a huge deterrent to any great power war. There were almost no circumstances in which it made sense to initiate an attack. But cyber warfare changes that conventional strategic calculus. The attribution problem introduces an immense amount of uncertainty, complicating the decision our leaders have to make.

https://arstechnica.com/information-technology/2022/12/the-risk-of-escalation-from-cyberattacks-has-never-been-greater/

• FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads

The Federal Bureau of Investigation (FBI) this week raised the alarm on cyber criminals impersonating brands in advertisements that appear in search engine results. The agency has advised consumers to use ad blockers to protect themselves from such threats.

The attackers register domains similar to those of legitimate businesses or services, and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert. These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might mistake them for an actual search result.

Links included in these ads take users to pages that are identical to the official web pages of the impersonated businesses, the FBI explains. If the user searches for an application, they are taken to a fake web page that uses the real name of the program the user searches for, and which contains a link to download software that is, in fact, malware.

“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI notes. Seemingly legitimate exchange platforms, the malicious sites prompt users to provide their login and financial information, which the cyber criminals then use to steal the victim’s funds.

“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI says.

Businesses are advised to use domain protection services to be notified of domain spoofing, and to educate users about spoofed websites and on how to find legitimate downloads for the company’s software.

Users are advised to check URLs to make sure they access authentic websites, to type a business’ URL into the browser instead of searching for that business, and to use ad blockers when performing internet searches. Ad blockers can have a negative impact on the revenues of online businesses and advertisers, but they can be good for online security, and even the NSA and CIA are reportedly using them.

https://www.securityweek.com/fbi-recommends-ad-blockers-cybercriminals-impersonate-brands-search-engine-ads

• North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022

South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.

According to the spy agency, more than half the crypto assets (about 800 billion won ($626 million)) have been stolen this year alone, reported the Associated Press. The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh UN sanctions.

“South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cyber crimes since UN economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” reported the AP agency. North Korea cannot export its products due to the UN sanctions imposed in 2016 and 1017, and the impact on its economy is dramatic.

The NIS added that more than 100 billion won ($78 million) of the total stolen funds came from South Korea. Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. National Intelligence Service experts believe that North Korea-linked APT groups will focus on the theft of South Korean technologies and confidential information on South Korean foreign policy and national security.

Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years.

https://securityaffairs.co/wordpress/139909/intelligence/north-korea-cryptocurrency-theft.html

• UK Security Agency Wants Fresh Approach to Combat Phishing

The UK National Cyber Security Centre (NCSC) has called for a defence-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture.

Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work. For example, advising users not to click on links in unsolicited emails is not helpful when many need to do exactly that as part of their job.

This is often combined with a culture where users are afraid to report that they’ve accidentally clicked, which can delay incident response, he said. It’s not the user’s responsibility to spot a phish – rather, it’s their organisation’s responsibility to protect them from such threats, Dave C argued.

As such, they should build layered technical defences, consisting of email scanning and DMARC/SPF policies to prevent phishing emails from arriving into inboxes. Then, organisations should consider the following to prevent code from executing:

• Allow-listing for executables

• Registry settings changes to ensure dangerous scripting or file types are opened in Notepad and not executed

• Disabling the mounting of .iso files on user endpoints

• Making sure macro settings are locked down

• Enabling attack surface reduction rules

• Ensuring third-party software is up to date

• Keeping up to date about current threats

Additionally, organisations should take steps such as DNS filtering to block suspicious connections and endpoint detection and response (EDR) to monitor for suspicious behaviour, the NCSC advised.

https://www.infosecurity-magazine.com/news/uk-security-agency-combat-phishing/

• GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log into the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defences. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then.

Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play. Group-IB has found a limited distribution of the malware in apps on the Google Play Store; however, the main distribution channels haven't been discovered, so the initial infection method is largely unknown.

Almost half of all apps targeted by Godfather, 215, are banking apps, and most of them are in the United States (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17).

Apart from banking apps, Godfather targets 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.

https://www.bleepingcomputer.com/news/security/godfather-android-malware-targets-400-banks-crypto-exchanges/

• Companies Overwhelmed by Available Tech Solutions

92% of executives reported challenges in acquiring new tech solutions, highlighting the complexities that go into the decision-making process, according to GlobalDots.

Moreover, some 34% of respondents said the overwhelming amount of options was a challenge when deciding on the right solutions, and 33% admitted the time needed to conduct research was another challenge in deciding.

Organisations of all varieties rely on technology more than ever before. The constant adoption of innovation is no longer a luxury but rather a necessity to stay on par in today’s fast-paced and competitive digital landscape. In this environment, IT and security leaders are coming under increased pressure to show ROIs from their investment in technology while balancing operational excellence with business innovation. Due to current market realities, IT teams are short-staffed and suffering from a lack of time and expertise, making navigating these challenges even more difficult.

The report investigated how organisations went about finding support for their purchasing decisions. Conferences, exhibitions, and online events served as companies’ top source of information for making purchasing decisions, at 52%. Third-party solutions, such as value-added resellers and consultancies, came in second place at 48%.

54% are already using third parties to purchase, implement, or support their solutions, highlighting the value that dedicated experts with in-depth knowledge of every solution across a wide range of IT fields provide.

We are living in an age of abundance when it comes to tech solutions for organisations, and this makes researching and purchasing the right solutions for your organisation extremely challenging.

https://www.helpnetsecurity.com/2022/12/20/tech-purchasing-decisions/

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected

Talon Cyber Security surveyed 258 third-party providers to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.

Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so they took a step back with their research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.

Here’s what Talon discovered:

• Most third parties (89%) work from personal, unmanaged devices, where organisations lack visibility and cannot enforce the enterprise’s security posture on. Talon pointed to a Microsoft data point that estimated users are 71% more likely to be infected on an unmanaged device.

• With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used their devices to:

  • Browse the internet for personal needs (76%)

  • Indulge in online shopping (71%)

  • Check personal email (75%)

  • Save weak passwords in the web browser (61%)

  • Play games (53%)

  • Allow family members to browse (36%)

  • Share passwords with co-workers (24%)

• Legacy apps such as Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organisations.

https://www.msspalert.com/cybersecurity-research/nine-in-10-third-party-contractors-freelancers-use-personal-unmanaged-devices-likely-to-be-infected/

• UK Privacy Regulator Names and Shames Breached Firms

The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts.

The data, available from Q4 2021 onwards, includes the organisation’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome.

Given the significance of this development, it’s surprising that the ICO has (1) chosen to release it with limited fanfare, and (2) buried the data sets on its website. Indeed, it seems to have flown almost entirely under the radar.

Understanding whether their breach or complaint will be publicised by European regulators is one of – if not the – main concern that organisations have when working through an incident, and the answer has usually been no. That is particularly the understanding or assumption where the breach or complaint is closed without regulatory enforcement. Now, at least in the UK, the era of relative anonymity looks to be over.

Despite the lack of fanfare around the announcement, this naming and shaming approach could make the ICO one of the more aggressive privacy regulators in Europe. In the future, claimant firms in class action lawsuits may adopt “US-style practices” of scanning the ICO database to find evidence of repeat offending or possible new cases.

The news comes even as data reveals the value of ICO fines issued in the past year tripled from the previous 12 months. In the year ending October 31 2022, the regulator issued fines worth £15.2m, up from £4.8m the previous year. The sharp increase in the value of fines shows the ICO’s increasing willingness selectively to crack down on businesses – particularly those that the ICO perceives has not taken adequate measures to protect customer and employee data.

https://www.infosecurity-magazine.com/news/uk-privacy-regulator-names-and/

Threats

Ransomware, Extortion and Destructive Attacks

• 20 companies affected by major ransomware attacks in 2021 | TechTarget

• NCC Group: Ransomware attacks increased 41% in November | TechTarget

• Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (trendmicro.com)

• Adversarial risk in the age of ransomware - Help Net Security

• Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record by Recorded Future

• FIN7 hackers create auto-attack platform to breach Exchange servers (bleepingcomputer.com)

• New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure (thehackernews.com)

• Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com

• New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) - Help Net Security

• British newspaper The Guardian says it’s been hit by ransomware | TechCrunch

• Play ransomware actors bypass ProxyNotShell mitigations | TechTarget

• Preventing Cryptocurrency Cyber Extortion (trendmicro.com)

• FIN7 Cyber crime Syndicate Emerges as Major Player in Ransomware Landscape (thehackernews.com)

• Vice Society ransomware gang is using a custom locker - Security Affairs

• NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost

• German industrial giant ThyssenKrupp targeted in a cyber attack - Security Affairs

• Paying Ransom: Why Manufacturers Shell Out to Cyber criminals (darkreading.com)

• France Seeks to Protect Hospitals After Series of Cyber attacks | SecurityWeek.Com

• Fire and rescue service in Victoria, Australia, confirms cyber attack - Security Affairs

• Ransomware hits Leiden University - Techzine Europe

• Play Ransomware Gang Lay Claims For Cyber Attack On H-Hotels (informationsecuritybuzz.com)

• Evolving threats and broadening responses to Ransomware in the UAE - Security Boulevard

• Cyber Incident Causes System Failures at Canadian Children’s Hospital - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Five Best Practices for Consumers to Beat Phishing Campaigns This Holiday Season - CPO Magazine

• Hackers continue to exploit hijacked MailChimp accounts in cyber crime campaigns (bitdefender.com)

• Holiday Spam, Phishing Campaigns Challenge Retailers (darkreading.com)

• Email hijackers scam food out of businesses, not just money • The Register

• Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK

• UK Security Agency Calls for Fresh Approach to Combat Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• “Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)

• Simple Steps to Avoid Phishing Attacks During This Festive season | Tripwire

• Web3 IPFS Currently Used For Phishing (trendmicro.com)

BEC – Business Email Compromise

• Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK

• What happens once scammers receive funds from their victims - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Amplified security trends to watch out for in 2023 - Help Net Security

2FA/MFA

• Why Security Teams Shouldn't Snooze on MFA Fatigue (darkreading.com)

• Comcast Xfinity accounts hacked in widespread 2FA bypass attacks (bleepingcomputer.com)

Malware

• DarkTortilla malware spreads on phishing sites masquerading as legitimate domains | SC Media (scmagazine.com)

• Malicious ‘SentinelOne’ PyPI package steals data from developers (bleepingcomputer.com)

• Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)

• Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)

• Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)

• Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)

• Raspberry Robin Worm Targets Telcos & Governments (darkreading.com)

• Detecting Windows AMSI Bypass Techniques (trendmicro.com)

• Raspberry Robin worm drops fake malware to confuse researchers (bleepingcomputer.com)

• Number of command-and-control servers spiked in 2022: report - The Record by Recorded Future

Mobile

• GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)

• Godfather makes banking apps an offer they can’t refuse • The Register

• Beware: Cyber criminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users (thehackernews.com)

• T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)

Botnets

• Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)

• Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)

• Flaws within IoT devices exploited by the Zerobot botnet (izoologic.com)

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

Denial of Service/DoS/DDOS

• How AI/ML Can Thwart DDoS Attacks (darkreading.com)

• DDoS Attacks are Slowly Growing in the Technology Era (analyticsinsight.net)

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

BYOD

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected - MSSP Alert

Internet of Things – IoT

• Millions of IP cameras around the world are unprotected | TechRadar

• Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)

• Eufy has removed privacy-focused language from its website amid ongoing security camera fiasco (androidpolice.com)

• Throw away all your Eufy cameras right now | Android Central

• Read what Anker’s customer support is telling worried Eufy camera owners - The Verge

• Amazon Ring Cameras Used in Nationwide ‘Swatting’ Spree, US Says - Bloomberg

• Connected homes are expanding, so is attack volume - Help Net Security

• Security Risks, Serious Vulnerabilities Rampant Among XIoT Devices in the Workplace - CPO Magazine

• Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

• Okta's source code stolen after GitHub repositories hacked (bleepingcomputer.com)

• McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register

• NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost

• Notice of Recent Security Incident - The LastPass Blog

• Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days - Security Affairs

• Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale (bleepingcomputer.com)

• Leading sports betting firm BetMGM discloses data breach (bleepingcomputer.com)

• MP blasts water firm over cyber attack that saw customers' details leaked to dark web - Staffordshire Live (staffordshire-live.co.uk)

Organised Crime & Criminal Actors

• 'Russian hackers' help two New York men game JFK taxi system - CyberScoop

• Hackers Mined a Single Software Flaw for a Year in NY Cyber attack - The New York Times (nytimes.com)

• What happens once scammers receive funds from their victims - Help Net Security

• [FIN7] Fin7 Unveiled: A deep dive into notorious cyber crime gang - PRODAFT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Microsoft bans cryptomining in Azure | TechRadar

• FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)

• GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)

• Preventing Cryptocurrency Cyber Extortion (trendmicro.com)

• Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian

• North Korea-linked hackers stole $626M in virtual assets in 2022 - Security Affairs

Insider Risk and Insider Threats

• Amplified security trends to watch out for in 2023 - Help Net Security

Fraud, Scams & Financial Crime

• FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)

• “Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)

• Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register

• Over 67,000 DraftKings Betting Accounts Hit by Hackers (gizmodo.com)

• What happens once scammers receive funds from their victims - Help Net Security

• T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)

• Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)

• Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian

• Inside The Next-Level Fraud Ring Scamming Billions Off Holiday Retailers (darkreading.com)

Supply Chain and Third Parties

• teiss - Supply Chain Security - Hacking the supply chain

• Supply Chain Risks Got You Down? Keep Calm and Get Strategic! (darkreading.com)

Cloud/SaaS

• Microsoft bans cryptomining in Azure | TechRadar

• McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register

• AWS simplifies Simple Storage Service to prevent data leaks • The Register

• Organisations Warned of New Attack Vector in Amazon Web Services - Infosecurity Magazine (infosecurity-magazine.com)

• New Brand of Security Threats Surface in the Cloud (darkreading.com)

• Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)

• Dealing with cloud security shortfalls - Help Net Security

• It’s time to fill those cloud security gaps • The Register

• Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses (darkreading.com)

Hybrid/Remote Working

• Remote Workers Are Blowing the Whistle, Employees Exposing Companies

Attack Surface Management

• Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected - MSSP Alert

Encryption

• Biden Signs Post-Quantum Cyber security Guidelines Into Law (darkreading.com)

API

• APIs are placing your enterprise at risk - Help Net Security

Open Source

• Open source vulnerabilities add to security debt - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass admits attackers copied password vaults • The Register

• LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

• Notice of Recent Security Incident - The LastPass Blog

Social Media

• Meta Takes Down Over 200 Covert Influence Operations Since 2017 - Infosecurity Magazine (infosecurity-magazine.com)

• Social media use can put companies at risk: Here are some ways to mitigate the danger | CSO Online

• Colleges Move To Ban TikTok on Campus (gizmodo.com)

Malvertising

• Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register

• Don't click too quick! FBI warns of malicious search engine ads | Tripwire

• FBI Recommends Ad Blockers as Cyber criminals Impersonate Brands in Search Engine Ads | SecurityWeek.Com

• Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)

Parental Controls and Child Safety

• Buggy parental-control apps could allow device takeover • The Register

• Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cyber security Book for Children (darkreading.com)

• Children And The Dangers Of The Virtual World (informationsecuritybuzz.com)

Regulations, Fines and Legislation

• TSB fined nearly $60m for platform migration disaster • The Register

• FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law (thehackernews.com)

• UK Privacy Regulator Names and Shames Breached Firms - Infosecurity Magazine (infosecurity-magazine.com)

• FCC proposes record-breaking $300 million fine against robocaller (bleepingcomputer.com)

• France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com

• The long, long reach of the UK’s national security laws | Financial Times

Governance, Risk and Compliance

• Make sure your company is prepared for the holiday hacking season - Help Net Security

• Rethinking Risk After the FTX Debacle (darkreading.com)

• The benefit of adopting a hacker mindset for building security strategies - Help Net Security

Careers, Working in Cyber and Information Security

• CISO roles continue to expand beyond technical expertise - Help Net Security

• UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times

Law Enforcement Action and Take Downs

• Swatting spree suspects charged after compromising Ring cams • The Register

Privacy, Surveillance and Mass Monitoring

• Not Big Brother, but close: a surveillance expert explains some of the ways we’re all being watched, all the time (theconversation.com)

• France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com

• What is surveillance capitalism? - Definition from WhatIs.com (techtarget.com)

• Google Maps: Important reason you should blur your house on Street View (ladbible.com)

• Blur Your House ASAP if It's on Google Maps. Here's Why - CNET

Artificial Intelligence

• Threat Modeling in the Age of OpenAI's Chatbot (darkreading.com)

• This is how OpenAI's ChatGPT can be used to launch cyber attacks (techmonitor.ai)

• How AI/ML Can Thwart DDoS Attacks (darkreading.com)

• Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cyber security Book for Children (darkreading.com)

Misinformation, Disinformation and Propaganda

• Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Is Getting Real | WIRED

• State level cyber attacks – Why and how (ukdefencejournal.org.uk)

• The risk of escalation from cyber attacks has never been greater | Ars Technica

• Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)

• Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)

• NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine (darkreading.com)

• Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine | SecurityWeek.Com

• Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say | CNN Politics

• ‘Our weapons are computers’: Ukrainian coders aim to gain battlefield edge | Ukraine | The Guardian

• The long, long reach of the UK’s national security laws | Financial Times

• UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times

Nation State Actors

Nation State Actors – Russia

• UK orders sale of Russian-backed broadband firm Upp over ‘security risk’ | Telecommunications industry | The Guardian

• Dark Web Profile: Killnet - Russian Hacktivist Group - SOCRadar

Nation State Actors – China

• Apple accused of censoring apps in Hong Kong and Russia • The Register

• The long, long reach of the UK’s national security laws | Financial Times