Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 October 2023
Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:
-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year
-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation
-Ransomware Infection Times Fall from 5 Days to 5 Hours
-80% of Security Leaders See AI as the Biggest Threat to Business
-Is Your Board Cyber-Ready?
-Cyber Security Should Be a Business Priority for CEOs
-The Looming Threat of a Single Phishing Click to Your Business
-40% of Organisations Leave Ransomware to IT
-Auditors Growing Concern About Cyber Security
-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game
-Preparing for the Unexpected: A Proactive Approach to Operational Resilience
-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone
-Organisations Grapple with Detection and Response Despite Rising Security Budgets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year
A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.
In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.
Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.
Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]
The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation
In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.
Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.
Source: [News Week] [Beta News]
Ransomware Infection Times Fall from 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.
This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.
The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.
Sources: [Cision] [PC Mag] [Security Magazine]
80% of Security Leaders See AI as the Biggest Threat to Business
A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.
In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.
With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.
Sources: [Diginomica] [Infosecurity Magazine]
Is Your Board Cyber-Ready?
With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.
Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.
Sources: [Harvard.edu] [JDSupra]
Cyber Security Should Be a Business Priority for CEOs
A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.
Source: [HelpNet Security]
The Looming Threat of a Single Phishing Click to Your Business
A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.
Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CMS-lawnow]
40% of Organisations Leave Ransomware to IT
A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.
By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [MSSP Alert]
Auditors’ Growing Concern About Cyber Security
The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.
Source: [Accounting Today]
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.
Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.
Source: [Dark Reading]
Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone
The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.
It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.
Sources: [Bleeping Computer] [Infosecurity Magazine]
Organisations Grapple with Detection and Response Despite Rising Security Budgets
A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.
The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.
Source: [CSO Online]
Governance, Risk and Compliance
Auditors more worried about cyber security than AI risks | Accounting Today
Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar
Warning as more businesses fall victim to cyber attacks | Insurance Times
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)
90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)
The world was already horrifying — technology is making it more so - The Hustle
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Cyber security should be a business priority for CEOs - Help Net Security
Organisations grapple with detection and response despite rising security budgets | CSO Online
The undeniable benefits of making cyber resiliency the new standard | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
Cyber insurance costs pressure business budgets - Help Net Security
C-suite weighs in on generative AI and security (securityintelligence.com)
Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023
New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)
Should businesses follow Google’s footsteps in cyber security? | TechRadar
Cyber security is booming but it comes at a human cost (betanews.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)
6 steps to getting the board on board with your cyber security program (welivesecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine
Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber criminals can go from click to compromise in less than a day - Help Net Security
Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)
Ransomwared health insurer wasn't using anti-virus software • The Register
Everest searching for corporate insiders amid rare pivot • The Register
HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)
How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)
SEC Investigating Progress Software Over MOVEit Hack - Security Week
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)
Ransomware Victims
Cyber attack victim Estes making ‘steady progress’ - FreightWaves
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Ransomwared health insurer wasn't using anti-virus software • The Register
BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)
Phishing & Email Based Attacks
The looming threat of a single phishing click to your business (cms-lawnow.com)
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Phishing, the campaigns that are affecting Italy (securityaffairs.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)
Cyber security pros predict rise of malicious AI - Help Net Security
Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)
US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)
Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)
How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)
2FA/MFA
Malware
Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)
Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)
How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)
Endpoint malware attacks decline as campaigns spread wider - Help Net Security
Mobile
Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)
Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)
5 quick tips to strengthen your Android phone security today | ZDNET
Botnets
Denial of Service/DoS/DDOS
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)
Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert
Internet of Things – IoT
Automotive cyber security: A decade of progress and challenges - Help Net Security
Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week
Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)
Data Breaches/Leaks
3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)
DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)
Lyca Mobile says customer data was stolen during cyber attack | TechCrunch
Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Air Europa customers urged to cancel cards following hack on payment system (therecord.media)
Dymocks breach happened while changing providers | Information Age | ACS
Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)
Organised Crime & Criminal Actors
The cyber villains are getting bolder. Businesses need to up their game - Raconteur
Protecting your business against the cyber criminal enterprise (techuk.org)
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
Insider Risk and Insider Threats
Everest searching for corporate insiders amid rare pivot • The Register
Former US soldier accused of trying to pass secrets to China • The Register
Understanding the human factor of digital safety | TechRadar
Fraud, Scams & Financial Crime
Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media
Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
Never click on bank-draining words if message pops up, expert warns (ladbible.com)
Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian
Deepfakes
AML/CFT/Sanctions
Insurance
Cyber insurance costs pressure business budgets - Help Net Security
Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News
Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)
Keeping up with the demands of the cyber insurance market - Help Net Security
Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)
Supply Chain and Third Parties
Software Supply Chain
Why open-source software supply chain attacks have tripled in a year | CSO Online
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Cloud/SaaS
The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)
Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology
Securely Moving Financial Services to the Cloud (darkreading.com)
Identity and Access Management
Encryption
New cryptographic protocol aims to bolster open-source software security | ZDNET
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
API
Open Source and Linux
New cryptographic protocol aims to bolster open-source software security | ZDNET
Why open-source software supply chain attacks have tripled in a year | CSO Online
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
CISA publishes top 10 most common security misconfigurations • The Register
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Social Media
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)
What should you do if your Facebook is hacked? (pocket-lint.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Work-related stress “keeps cyber professionals up at night” | ITPro
Cyber security is booming but it comes at a human cost (betanews.com)
eBook: Cyber security career hacks for newcomers - Help Net Security
Turning military veterans into cyber security experts - Help Net Security
CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week
Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)
Law Enforcement Action and Take Downs
European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State/Cyber Warfare
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)
The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Russia
Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)
Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)
Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba
Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
China
A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)
Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Former US soldier accused of trying to pass secrets to China • The Register
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
Iran
Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)
North Korea
Vulnerability Management
Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)
Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert
Vulnerabilities
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week
Google Chrome 118 is a massive security update - gHacks Tech News
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)
WhatsApp exploits commanding multi-million prices (computing.co.uk)
High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)
Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week
Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)
D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
Apple releases iOS 16.7.1 to plug critical security holes | Macworld
The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
35 Squid proxy bugs still unpatched after 2 years • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Tools and Controls
Organisations grapple with detection and response despite rising security budgets | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)
16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)
A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)
You can't avoid APIs, so you need to secure them (betanews.com)
What is External Attack Surface Management (EASM)? | UpGuard
Why You Should Phish In Your Own (informationsecuritybuzz.com)
Why zero trust delivers even more resilience than you think - Help Net Security
Unmasking the limitations of yearly penetration tests - Help Net Security
Keeping up with the demands of the cyber insurance market - Help Net Security
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Keep on keeping your organisation informed to stay cyber secure (techuk.org)
Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)
Reports Published in the Last Week
Other News
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Large law firms experiencing two 'cyber incidents' a month - Legal Futures
Small businesses growing target for cyber criminals (planetradio.co.uk)
The world was already horrifying — technology is making it more so - The Hustle
Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)
Subsea cable business seeks to plug its security holes (lightreading.com)
Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)
Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)
Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star
Proactive not reactive: adjusting the approach to cyber crime in education
Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)
As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security
Electric Power System Cyber Security Vulnerabilities (trendmicro.com)
Securing the Food Pipeline from Cyber Attacks (newswise.com)
US construction giant reports cyber security incident • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 June 2023
Black Arrow Cyber Threat Briefing 02 June 2023:
-How to Keep Cyber Attacks from Tanking Your Balance Sheet
-Company Size Doesn’t Matter When It Comes to Cyber Attacks
-‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
-How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
-Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
-Don't be Polite When you Get a Text from a Wrong Number
-Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
-Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
-Organisations Spend 100 Hours Battling Post-Delivery Email Threats
-Ransomware Gangs Adopting Business-like Practices to Boost Profits
-The Sobering Truth About Ransomware—For The 80% Who Paid Up
-The Great CISO Resignation: Why Security Leaders are Quitting in Droves
-When is it Time for a Cyber Hygiene Audit?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How to Keep Cyber Attacks from Tanking Your Balance Sheet
According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.
The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.
When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.
https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet
Company Size Doesn’t Matter When It Comes to Cyber Attacks
65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).
Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.
https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/
‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.
Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.” Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.
How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.
Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.
Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.
https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/
Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.
In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.
https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/
Don't be Polite When you Get a Text from a Wrong Number
You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.
Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.
The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.
https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.
This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.
https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season
Organisations Spend 100 Hours Battling Post-Delivery Email Threats
Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.
While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.
Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.
https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/
Ransomware Gangs Adopting Business-like Practices to Boost Profits
Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.
The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.
https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/
The Sobering Truth about Ransomware—for the 80% Who Paid Up
Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.
Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.
Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.
The Great CISO Resignation: Why Security Leaders are Quitting in Droves
With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.
This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?
When is it Time for a Cyber Hygiene Audit?
Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.
Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.
An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.
https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html
Governance, Risk and Compliance
Company size doesn't matter when it comes to cyber attacks - Help Net Security
How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)
The great CISO resignation: Why security leaders are quitting in droves - SDxCentral
‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)
Breaking Enterprise Silos and Improving Protection – Security Week
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Attackers leave organisations with no recovery option - Help Net Security
The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)
Rogue IT security worker failed to cover his tracks | Tripwire
Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week
The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)
Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment
AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)
BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)
Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)
Fighting ransomware: Perspectives from cyber security professionals - Help Net Security
Ransomware Victims
New York county still dealing with ransomware 8 months later • The Register
ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week
MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)
Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability
Phishing & Email Based Attacks
Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security
Organisations spend 100 hours battling post-delivery email threats - Help Net Security
Phishing remained the top identity abuser in 2022: IDSA report | CSO Online
New phishing technique poses as a browser-based file archiver | CSO Online
Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)
North Korean phishing gang stole rocket tech info • The Register
Artificial Intelligence
AI: War crimes evidence erased by social media platforms - BBC News
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)
What not to share with ChatGPT if you use it for work | Mashable
Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends
Generative AI: The new attack vector for trust and safety - Help Net Security
2FA/MFA
Malware
QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)
Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)
Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)
Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)
PyPI malware ramps up the threat to the code repository • The Register
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)
Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Mobile
Don't be polite when you get a text from a wrong number | kens5.com
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)
Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)
Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)
Botnets
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)
Denial of Service/DoS/DDOS
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Internet of Things – IoT
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)
Solar panels vulnerable to hackers, concern for network security - DutchNews.nl
Data Breaches/Leaks
Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)
Dutch watchdog looking into alleged Tesla data breach | Reuters
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
The root causes of API incidents and data breaches - Help Net Security
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs
Organised Crime & Criminal Actors
US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop
What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online
New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)
Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)
Insider Risk and Insider Threats
Rogue IT security worker failed to cover his tracks | Tripwire
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Fraud, Scams & Financial Crime
Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
One of Microsoft Azure's top tools has a serious security flaw | TechRadar
Top public cloud security concerns for the media and entertainment industry - Help Net Security
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Why organisations should adopt a cloud cyber security framework - Help Net Security
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Swiss real estate agency Neho fails to put a password on its systems - Security Affairs
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Social Media
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
Twitter pulls out of voluntary EU disinformation code - BBC News
AI: War crimes evidence erased by social media platforms - BBC News
Malvertising
Training, Education and Awareness
Travel
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)
US court finds that border phone searches need a warrant • The Register
Parental Controls and Child Safety
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Regulations, Fines and Legislation
OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)
Netflix warns it may remove content from UK catalogue over government media bill | The Independent
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)
Managing mental health in cyber security - Help Net Security
ISACA pledges to help grow cyber security workforce in Europe | CSO Online
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine war blurs lines between cyber crims and state hacks • The Register
Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
How giant pieces of spyware are shaping our views and our world | Evening Standard
Predator may have more spyware capabilities than we know • The Register
Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)
Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian
AI: War crimes evidence erased by social media platforms - BBC News
Nation State Actors
China hacking Guam: Can the US stop foreign cyber attacks? | The Week
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Investigation Launched After London City Airport Website Hacked (simpleflying.com)
Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times
North Korea says spy satellite launch crashed into sea - BBC News
Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)
The next Chinese tech threat is already here | The Spectator
North Korean phishing gang stole rocket tech info • The Register
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Vulnerability Management
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)
Vulnerabilities
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Zero-day vulnerability in MoveIt Transfer under attack | TechTarget
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)
WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)
Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Barracuda Email Security Gateway under active attack • The Register
MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)
FTC accuses Amazon of nightmare IoT security fails • The Register
Critical Vulnerabilities Found in Faronics Education Software – Security Week
Tools and Controls
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
Digital nomads drive changes in identity verification - Help Net Security
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
The Top 10 endpoint security challenges and how to overcome them | VentureBeat
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Disaster recovery challenges enterprise CISOs face - Help Net Security
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 May 2023
Black Arrow Cyber Threat Briefing 05 May 2023:
- Boards Need Better Conversations About Cyber Security
- Uber’s Ex-Security Chief Sentenced for Security Breach
- Global Cyber Attacks Rise by 7% in Q1 2023
- Three-Quarters of Firms Predict Breach in Coming Year
- The Costly Threat That Many Businesses Fail to Address
- European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
- Understanding Cyber Threat Intelligence for Business Security
- Hackers Are Finding Ways to Evade Latest Cyber Security Tools
- Study Shows a 27% Spike in Publicly Known Ransomware Victims
- Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
- Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
- 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boards Need Better Conversations About Cyber Security
In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.
Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.
As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.
https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
Uber’s Ex-Security Chief Sentenced for Security Breach
Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.
The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.
https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347
Global Cyber Attacks Rise by 7% in Q1 2023
Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.
The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.
https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/
Three-Quarters of Firms Predict a Breach in the Coming Year
Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.
While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.
Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.
https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/
The Costly Threat That Many Businesses Fail to Address
Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.
Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.
Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.
https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/
European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.
Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.
Understanding Cyber Threat Intelligence for Business Security
Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.
Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.
Hackers Are Finding Ways to Evade Latest Cyber Security Tools
As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.
Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.
https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html
Study Shows a 27% Spike in Publicly Known Ransomware Victims
A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.
The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.
Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).
Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.
https://www.theregister.com/2023/05/02/data_breach_costs_rise/
Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.
https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/
4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.
Recognise that priorities have evolved.
Understand that security burdens have changed.
Understand why, despite best efforts, criminals are still successful.
Evaluate the ways in which you are protecting your most vulnerable data.
Threats
Ransomware, Extortion and Destructive Attacks
Data loss costs go up, and not just from ransom shakedowns • The Register
To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
Merck's $1.4B NotPetya insurance payout upheld by court • The Register
GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert
Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)
The Tragic Fallout From a School District’s Ransomware Breach | WIRED
Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)
‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
BlackCat group releases screenshots of stolen Western Digital data | CSO Online
Ransomware Attack Affects Dallas Police, Court Websites – Security Week
Studies show ransomware has already caused patient deaths | TechTarget
Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)
Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch
City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)
Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)
Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette
Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom
Phishing & Email Based Attacks
Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)
A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)
Security experts are using malware's own code to protect potential victims | TechSpot
New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)
How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)
Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)
Mobile
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Google fought a mountain of malware in 2022 | Android Central
Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)
Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
Botnets
Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security
Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)
CISA warns of Mirai botnet exploiting TP-Link routers • The Register
Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)
Data Breaches/Leaks
Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi
T-Mobile suffered the second data breach in 2023 - Security Affairs
Sensitive data is being leaked from servers running Salesforce software | Ars Technica
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
Hackers stole $93M from crypto projects in April (cryptoslate.com)
Insider Risk and Insider Threats
The costly threat that many businesses fail to address - Help Net Security
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Fraud, Scams & Financial Crime
Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)
Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security
UK to ban all cold calls selling financial products - BBC News
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)
National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)
Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian
AML/CFT/Sanctions
Dark Web
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
Supply Chain and Third Parties
How to keep calm and carry on in a supply chain attack • The Register
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED
DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED
Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)
Cloud/SaaS
Using just-in-time access to reduce cloud security risk - Help Net Security
Cloud security threats are growing faster than ever | TechRadar
Hybrid/Remote Working
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
White House seeks information on tools used for automated employee surveillance | Computerworld
Attack Surface Management
Encryption
API
Report shows 92% of orgs experienced an API security incident last year | VentureBeat
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
5 API security best practices you must implement - Help Net Security
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Your passwords could be cracked using thermal cameras powered by AI | TechRadar
Your Google Account is getting rid of its password (androidpolice.com)
PSA. Don’t share your password in your app’s release notes • Graham Cluley
Social Media
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
Strike 3: FTC says Meta still failing to protect privacy • The Register
Malvertising
Regulations, Fines and Legislation
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
White House unveils AI rules to address safety and privacy | Computerworld
Governance, Risk and Compliance
Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)
Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
Data loss costs go up, and not just from ransom shakedowns • The Register
Boards Are Having the Wrong Conversations About Cyber security (hbr.org)
Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)
Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert
Why Your Detection-First Security Approach Isn't Working (thehackernews.com)
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)
4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)
Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)
Malicious content lurks all over the web - Help Net Security
Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)
Closing up holes: Infoseccers on being less reactive • The Register
Organisations brace for cyber attacks despite improved preparedness - Help Net Security
Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)
Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)
Secure Disposal
Careers, Working in Cyber and Information Security
UK Cyber Security Council launches certification mapping tool - Help Net Security
DHS’ cyber talent management system slowly gaining traction | Federal News Network
The warning signs for security analyst burnout and ways to prevent - Help Net Security
Google Launches Cyber security Career Certificate Program (darkreading.com)
Law Enforcement Action and Take Downs
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET
White House seeks information on tools used for automated employee surveillance | Computerworld
Strike 3: FTC says Meta still failing to protect privacy • The Register
Artificial Intelligence
5 ways threat actors can use ChatGPT to enhance attacks | CSO Online
Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)
AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)
Microsoft’s chief economist says A.I. can be dangerous | Fortune
It's time to harden AI and ML for cyber security | TechTarget
Stop using generative-AI tools, Samsung orders staff | Digital Trends
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
How AI is reshaping the cyber security landscape - Help Net Security
White House unveils AI rules to address safety and privacy | Computerworld
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)
Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek
Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs
Russia’s APT28 targets Ukraine with bogus Windows updates • The Register
Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)
Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
Nation State Actors
China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert
Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek
China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)
'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)
APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)
APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)
US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business
China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)
Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop
Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)
North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register
Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)
Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs
Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)
AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)
Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek
Some of the top AMD chips are suffering a serious security flaw | TechRadar
Tools and Controls
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
86 percent of developers knowingly deploy vulnerable code (betanews.com)
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
It's time to harden AI and ML for cyber security | TechTarget
Using just-in-time access to reduce cloud security risk - Help Net Security
Using multiple solutions adds complexity to your zero trust strategy - Help Net Security
Your decommissioned routers could be a security disaster | Network World
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)
5 API security best practices you must implement - Help Net Security
3 questions CISOs expect you to answer during a security pitch | TechCrunch
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
AppSec Making Progress or Spinning Its Wheels? (darkreading.com)
Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
How AI is reshaping the cyber security landscape - Help Net Security
Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat
Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)
To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
New Generative AI Tools Aim to Improve Security (darkreading.com)
Other News
Firmware Looms as the Next Frontier for Cyber security (darkreading.com)
Open Banking: A Perfect Storm for Security and Privacy? – Security Week
Malicious content lurks all over the web - Help Net Security
How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)
Eric Idle tells RSAC to look in the bright side of life • The Register
Your decommissioned routers could be a security disaster | Network World
FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)
Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 April 2023
Black Arrow Cyber Threat Briefing 21 April 2023:
-March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
-Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
-One in Three Businesses Faced Cyber Attacks Last Year
-Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
-Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
-Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
-83% of Organizations Paid Up in Ransomware Attacks
-Security is a Revenue Booster, Not a Cost Centre
-EX-CEO Gets Prison Sentence for Bad Security
-Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
-KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
-Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber-Attack
-Outdated Cyber Security Practices Leave Door Open for Criminals
-Quantifying cyber risk vital for business survival
-Recycled Network Devices Exposing Corporate Secrets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.
The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.
Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.
The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:
Keeping up with threat intelligence (70%)
Allocating cyber security resources and budget (47%)
Visibility into all assets connected to the network (44%)
Compliance and regulation (39%)
Convergence of IT and OT (32%)
The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.
One in Three Businesses Faced Cyber Attacks Last Year
Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.
Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.
https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html
Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged
Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.
Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.
Cobalt’s recent report found:
Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.
Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.
Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.
https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/
Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.
Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
83% of Organisations Paid Up in Ransomware Attacks
A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.
Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.
https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/
Security is a Revenue Booster, Not a Cost Centre
Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.
For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.
In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.
https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center
Ex-CEO Gets Prison Sentence for Bad Security
A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.
Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.
The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.
Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/
KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.
The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.
Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.
Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack
Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
Outdated Cyber Security Practices Leave Door Open for Criminals
A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/
Quantifying Cyber Risk Vital for Business Survival
Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.
https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/
Recycled Network Devices Exposing Corporate Secrets
Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.
Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.
In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.
The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.
https://www.infosecurity-magazine.com/news/recycled-network-exposing/
Threats
Ransomware, Extortion and Destructive Attacks
83% of organisations paid up in ransomware attacks | VentureBeat
March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)
RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek
LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)
Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch
Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs
Black Basta claims it's selling off stolen Capita data • The Register
Ransomware reinfection and its impact on businesses - Help Net Security
Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)
Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)
Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)
Medusa ransomware crew boasts of Microsoft code leak • The Register
New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)
Phishing & Email Based Attacks
New Qbot campaign delivers malware by hijacking business emails | CSO Online
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET
UK government employees receive average of 2,246 malicious emails per year - IT Security Guru
BEC – Business Email Compromise
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
US charges three men with six million dollar business email compromise plot | Tripwire
2FA/MFA
Malware
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)
US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)
New QBot campaign delivered hijacking business correspondenceSecurity Affairs
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)
'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)
What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)
Mobile
Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
Botnets
Internet of Things – IoT
Military helicopter crash blamed on missing software patch • The Register
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Five Eye nations release new guidance on smart city cyber security | CSO Online
Data Breaches/Leaks
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek
Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek
Organised Crime & Criminal Actors
Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)
Standardized data collection methods can help fight cyber crime | TechTarget
Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Insider Risk and Insider Threats
Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert
HR Magazine - UK government plans to make businesses liable for employee fraud
Top risks and best practices for securely offboarding employees | CSO Online
How to Strengthen your Insider Threat Security - IT Security Guru
Fraud, Scams & Financial Crime
Pre-pandemic techniques are fueling record fraud rates - Help Net Security
HR Magazine - UK government plans to make businesses liable for employee fraud
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
Three charged over banking fraud for hire website | Computer Weekly
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur
FTC orders payments firm to pay $650k over tech support scam • The Register
Scammers using social media to dupe people into becoming money mules - Help Net Security
AML/CFT/Sanctions
Insurance
Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)
Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online
Dark Web
Supply Chain and Third Parties
Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)
Lazarus APT group employed Linux Malware in recent attacks-Security Affairs
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Software Supply Chain
Cloud/SaaS
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
Linux kernel logic allowed Spectre attack on major cloud • The Register
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
Is there really a march from the public cloud back on-prem? | TechCrunch
Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs
Attack Surface Management
Shadow IT
Identity and Access Management
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)
The biggest data security blind spot: Authorization - Help Net Security
Encryption
API
Open Source
Linux kernel logic allowed Spectre attack on major cloud • The Register
Security beyond software: The open source hardware security evolution - Help Net Security
Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian
Scammers using social media to dupe people into becoming money mules - Help Net Security
Regulations, Fines and Legislation
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Brit cops rapped over app that recorded 200k phone calls • The Register
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Governance, Risk and Compliance
Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)
Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security
'One in three firms faced cyber attacks last year' (aol.co.uk)
Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com
Quantifying cyber risk vital for business survival - Help Net Security
Wargaming an effective data breach playbook - Help Net Security
Outdated cyber security practices leave door open for criminals - Help Net Security
CISOs struggling to protect sensitive data records - Help Net Security
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)
Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
Ex-CIO must pay £81k over Total Shambles Bank migration • The Register
Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security
Top risks and best practices for securely offboarding employees | CSO Online
How companies are struggling to build and run effective cyber security programs - Help Net Security
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)
Secure Disposal
Backup and Recovery
Data Protection
Government reprimanded for serious breaches of data protection law - Jersey Evening Post
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Brit cops rapped over app that recorded 200k phone calls • The Register
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Three charged over banking fraud for hire website | Computer Weekly
US citizens charged with pushing pro-Kremlin disinformation • The Register
Privacy, Surveillance and Mass Monitoring
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
What the Recent Collapse of SVB Means for Privacy (darkreading.com)
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Artificial Intelligence
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online
Pen testing amid the rise of AI-powered threat actors | TechTarget
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register
AI-created malware sends shockwaves through cybersecurity world | Fox News
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)
ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers targeting UK more frequently (thetimes.co.uk)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)
Meet the hacker armies on Ukraine's cyber front line - BBC News
Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)
Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
US citizens charged with pushing pro-Kremlin disinformation • The Register
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
How cyber support to Ukraine can build its democratic future | CyberScoop
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)
Britain sounds alarm on spyware, mercenary hacking market | Reuters
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
The UK will need more than words in this cyber war | Financial Times (ft.com)
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)
Nation State Actors
BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)
3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)
UK security chief’s alert over threat from China (thetimes.co.uk)
Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)
US charges 44 members of alleged Chinese troll army • The Register
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Vulnerability Management
Military helicopter crash blamed on missing software patch • The Register
Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Vulnerabilities
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)
Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)
Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs
VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek
Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)
Tools and Controls
Pen testing amid the rise of AI-powered threat actors | TechTarget
7 countries unite to push for secure-by-design development | CSO Online
Wargaming an effective data breach playbook - Help Net Security
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)
Microsoft opens up Defender with file hash, URL search • The Register
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek
CISOs struggling to protect sensitive data records - Help Net Security
AI defenders ready to foil AI-armed attackers • The Register
Newer Authentication Tech a Priority for 2023 (darkreading.com)
Other News
Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop
Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)
How to defend against TCP port 445 and other SMB exploits | TechTarget
Criminal Records Service still disrupted 4 weeks after hack - BBC News
Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)
EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 March 2023
Black Arrow Cyber Briefing 03 March 2023:
-It’s Time to Evaluate Your Security Education Plan Amongst the Rise in Social Engineering Attacks
-Mobile Users are More Susceptible to Phishing Attacks
-Phishing as a Service Stimulates Cyber Crime
-Attacker Breakout Time Drops to Just 84 Minutes
-Attackers are Developing and Deploying Exploits Faster Than Ever
-Old Vulnerabilities are Haunting Organisations and Aiding Attackers
-Scams Drive Nearly $9bn Fraud Surge in 2022
-Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
-Cyber Security in This Era of Polycrisis
-Russian Ransomware Projects Rebranded to Avoid Western Sanctions
-Ransomware Attacks Ravaged Big Names in February
-Firms Who Pay Ransom Subsidise New Attacks
-How the Ukraine War Opened a Fault Line in Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks
Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.
Mobile Users are More Susceptible to Phishing Attacks
A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.
Phishing as a Service Stimulates Cyber Crime
Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.
https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html
Attacker Breakout Time Drops to Just 84 Minutes
The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.
https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/
Attackers are Developing and Deploying Exploits Faster Than Ever
A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.
https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/
Old Vulnerabilities are Haunting Organisations and Aiding Attackers
Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.
https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/
Scams Drive Nearly $9bn Fraud Surge in 2022
Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.
https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/
Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.
Cyber Security in this Era of Polycrisis
A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.
https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/
Russian Ransomware Projects Rebranded to Avoid Western Sanctions
Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.
https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/
Ransomware Attacks Ravaged Big Names in February
Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.
Firms Who Pay Ransoms Subsidise New Attacks
A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.
https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/
How the Ukraine War Opened a Fault Line in Cyber Crime
A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.
https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever
Threats
Ransomware, Extortion and Destructive Attacks
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek
Ransomware attacks ravaged big names in February | TechTarget
Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)
Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)
'Ethical hacker' among ransomware suspects arrested • The Register
Wiper malware goes global, destructive attacks surge - Help Net Security
A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)
PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)
Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)
Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)
US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley
US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)
Phishing & Email Based Attacks
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Phishing as a Service Stimulates Cyber crime (trendmicro.com)
BEC – Business Email Compromise
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Expert strategies for defending against multilingual email-based attacks - Help Net Security
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)
The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)
How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)
2FA/MFA
Malware
RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)
Malicious package flood on PyPI might be sign of new attacks to come | CSO Online
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
It's official: BlackLotus malware can bypass secure boot • The Register
Threat actors target law firms with GootLoader and SocGholish--Security Affairs
Mobile
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)
Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security
Denial of Service/DoS/DDOS
Data Breaches/Leaks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)
Threat actors leak Activision employee data on hacking forum--Security Affairs
10 US states that suffered the most devastating data breaches in 2022 - Help Net Security
Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews
Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)
GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs
Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)
What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register
Highly evasive cryptocurrency miner targets macOS--Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security
Resecurity identified the investment scam network Digital Smoke - Help Net Security
Pig butchering scam explained: Everything you need to know (techtarget.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Third-party risks overwhelm traditional ERM setups - Help Net Security
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Software Supply Chain
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
SBOM is a 'massive galaxy of mess' for supply chain security • The Register
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Cloud/SaaS
How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)
Cloud incident response: Frameworks and best practices | TechTarget
Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security
It only takes one over-privileged identity to do major damage to a cloud - Help Net Security
SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security
What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)
New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)
Containers
Hybrid/Remote Working
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
How to work from home securely, the NSA way (malwarebytes.com)
Encryption
API
Open Source
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
Should organisations swear off open-source software altogether? | VentureBeat
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)
Social Media
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
TikTok answers three big cyber-security fears about the app - BBC News
Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Cyber resilience in focus: EU act to set strict standards - Help Net Security
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Governance, Risk and Compliance
Third-party risks overwhelm traditional ERM setups - Help Net Security
CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)
The Importance of Recession-Proofing Security Operations (darkreading.com)
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert
Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)
Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert
CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)
Law Enforcement Action and Take Downs
'Ethical hacker' among ransomware suspects arrested • The Register
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Privacy, Surveillance and Mass Monitoring
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian
The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)
How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)
Artificial Intelligence
Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)
ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
Nation State Actors
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
TikTok answers three big cyber-security fears about the app - BBC News
Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)
Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs
All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)
CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)
Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)
Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)
Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)
Tools and Controls
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)
Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security
How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat
Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert
Application Security vs. API Security: What is the difference? (thehackernews.com)
Accurately assessing the success of zero-trust initiatives | TechTarget
Other News
Attackers are developing and deploying exploits faster than ever - Help Net Security
Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)
Moving target defence must keep cyber attackers guessing - Help Net Security
Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security
Dormant accounts are a low-hanging fruit for attackers - Help Net Security
Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)
News Corp says state hackers were on its network for two years (bleepingcomputer.com)
UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs
To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)
Feds accuse Google of destroying evidence in antitrust case • The Register
Microsoft recommending you scan more Exchange server files • The Register
CISA director urges tech sector to stop shipping unsafe products | CyberScoop
Developers can make a great extension of your security team - Help Net Security
2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)
Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security
Wiz execs: Most overhyped security tool is technology itself • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 February 2023
Black Arrow Cyber Briefing 24 February 2023:
-Employees Bypass Cyber Security Guidance to Achieve Business Objectives
-Three Quarters of Businesses Braced for Serious Email Attack this Year
-The Cost of Living Crisis is Triggering a Wave of Workplace Crime
-Fighting Ransomware with Cyber Security Audits
-Record Levels of Fraud Impacting 90% of Payment Compliance Teams
-CISOs Struggle with Stress and Limited Resources
-Cyber Threats and Regulations Mount for Financial Industry
-HardBit Ransomware Wants Insurance Details to Set the Perfect Price
-Social Engineering is Becoming Increasingly Sophisticated
-A Fifth of Brits Have Fallen Victim to Online Scammers
-Cyber Attacks Hit Data Centres to Steal Information From Companies
-Phishing Fears Ramp Up on Email, Collaboration Platforms
-The War in Ukraine has Shaken up the Cyber Criminal Eco-system
-Police Bust €41m Email Scam Gang
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Bypass Cyber Security Guidance to Achieve Business Objectives
Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.
https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/
Three Quarters of Businesses Braced for Serious Email Attack this Year
According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.
The Cost of Living Crisis is Triggering a Wave of Workplace Crime
Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000. Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.
Fighting Ransomware with Cyber Security Audits
With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.
https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html
Record Levels of Fraud Impacting 90% of Payment Compliance Teams
New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.
CISOs Struggle with Stress and Limited Resources
A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.
https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/
Cyber Threats and Regulations Mount for Financial Industry
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.
https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry
HardBit Ransomware Wants Insurance Details to Set the Perfect Price
Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.
Social Engineering is Becoming Increasingly Sophisticated
The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.
https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html
A Fifth of Brits Have Fallen Victim to Online Scammers
Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Cyber Attacks Hit Data Centres to Steal Information from Companies
Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.
Phishing Fears Ramp Up on Email, Collaboration Platforms
Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.
The War in Ukraine has Shaken up the Cyber Criminal Eco-System
One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.
Police Bust €41m Email Scam Gang
A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.
https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/
Threats
Ransomware, Extortion and Destructive Attacks
HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)
An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)
A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)
Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)
Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
IBM: Ransomware defenders showing signs of improvement | TechTarget
ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert
Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)
Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs
Student Medical Records Exposed After LAUSD Breach (darkreading.com)
Phishing & Email Based Attacks
Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online
Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)
Big rise in 'email thread hijacking' by cyber criminals (rte.ie)
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
BEC – Business Email Compromise
Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Social engineering, deception becomes increasingly sophisticated-Security Affairs
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)
2FA/MFA
Malware
Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)
Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica
Researchers warn of 'Havoc' command and control tool • The Register
New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)
Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs
New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Defenders on high alert as backdoor attacks become more common - Help Net Security
Mobile
Five easy steps to keep your smartphone safe from hackers | ZDNET
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek
Accidental WhatsApp account takeovers? It's a thing • The Register
Google will boost Android security through firmware hardening (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Sensitive US military emails exposed by unsecured Azure server • The Register
DNA testing firm inks settlement after forgotten DB break-in • The Register
Activision did not notify employees of data breach for months | TechCrunch
GoDaddy blasted for breach response | SC Media (scmagazine.com)
TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET
Russian cyber crime alliances upended by Ukraine invasion • The Register
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)
‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)
Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)
SBF faces four additional charges in FTX collapse case • The Register
Insider Risk and Insider Threats
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)
Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security
Fraud, Scams & Financial Crime
The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News
FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)
Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)
Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar
City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)
SBF faces four additional charges in FTX collapse case • The Register
Insurance
Supply Chain and Third Parties
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)
Software Supply Chain
Cloud/SaaS
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
Four steps SMBs can take to close SaaS security gaps - Help Net Security
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)
Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert
Containers
Encryption
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)
7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)
Cyber threats, Regulations Mount for Financial Industry (darkreading.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert
Benchmarking your cyber security budget in 2023 | VentureBeat
7 reasons to avoid investing in cyber insurance | CSO Online
5 top threats from 2022 most likely to strike in 2023 | CSO Online
Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online
Malicious actors push the limits of attack vectors - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
CISOs struggle with stress and limited resources - Help Net Security
Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security
Law Enforcement Action and Take Downs
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
Russian cybercrime alliances upended by Ukraine invasion • The Register
Musk restricts Starlink for Ukraine, cites World War III | Fortune
America Loves Spying by Balloon, Just Like China (gizmodo.com)
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Russia blames 'hackers' for fake missile strike alerts • The Register
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
Nation State Actors
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET
Russian cybercrime alliances upended by Ukraine invasion • The Register
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
America Loves Spying by Balloon, Just Like China (gizmodo.com)
EU Organisations Warned of Chinese APT Attacks - SecurityWeek
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)
Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Vulnerability Management
CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Vulnerabilities
US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek
A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED
VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)
PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)
Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget
Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security
Tools and Controls
Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)
Why privileged access management should be critical to your security strategy | VentureBeat
The battle for data security now falls on developers; here’s how they can win | VentureBeat
Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat
Advantages of the AWS Security Maturity Model (trendmicro.com)
Other News
Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
NSA shares guidance on how to secure your home network (bleepingcomputer.com)
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
Malicious actors push the limits of attack vectors - Help Net Security
Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)
Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)
How to Detect New Threats via Suspicious Activities (thehackernews.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 December 2022
Black Arrow Cyber Threat Briefing 23 December 2022:
-LastPass Users: Your Info and Password Vault Data are Now in Hackers’ Hands
-Ransomware Attacks Increased 41% In November
-The Risk of Escalation from Cyber Attacks Has Never Been Greater
-FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads
-North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022
-UK Security Agency Wants Fresh Approach to Combat Phishing
-GodFather Android malware targets 400 banks, crypto exchanges
-Companies Overwhelmed by Available Tech Solutions
-Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected
-UK Privacy Regulator Names and Shames Breached Firms
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
LastPass Admits Attackers have an Encrypted Copy of Customers’ Password Vaults
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contain the passwords to their accounts.
In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that in the August 2022 attack “some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.” Those creds allowed the attacker to copy information “that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”
The update reveals that the attacker also copied “customer vault” data, the file LastPass uses to let customers record their passwords. That file “is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” The passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password”.
LastPass’ advice is that even though attackers have that file, customers who use its default settings have nothing to do as a result of this update as “it would take millions of years to guess your master password using generally-available password-cracking technology.” One of those default settings is not to re-use the master password that is required to log into LastPass. The outfit suggests you make it a complex credential and use that password for just one thing: accessing LastPass.
LastPass therefore offered the following advice to individual and business users: If your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimising risk by changing passwords of websites you have stored.
LastPass’s update concludes with news it decommissioned the systems breached in August 2022 and has built new infrastructure that adds extra protections.
https://www.theregister.com/2022/12/23/lastpass_attack_update/
Ransomware Attacks Increased 41% In November
Ransomware attacks rose 41% last month as groups shifted among the top spots and increasingly leveraged DDoS attacks, according to new research from NCC Group.
A common thread of NCC Group's November Threat Pulse was a "month full of surprises," particularly related to unexpected shifts in threat actor behaviour. The Cuba ransomware gang resurged with its highest number of attacks recorded by NCC Group. Royal replaced LockBit 3.0 as the most active strain, a first since September of last year.
These factors and more contributed to the significant jump in November attacks, which rose from 188 in October to 265.
"For 2022, this increase represents the most reported incidents in one month since that of April, when there were 289 incidents, and is also the largest month-on-month increase since June-July's marginally larger increase of 47%," NCC Group wrote in the report.
Operators behind Royal ransomware, a strain that emerged earlier this year that operates without affiliates and utilises intermittent encryption to evade detection, surpassed LockBit 3.0 for the number one spot, accounting for 16% of hack and leak incidents last month.
The Risk of Escalation from Cyber Attacks Has Never Been Greater
In 2022, an American dressed in his pyjamas took down North Korea’s Internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack.
In 2023, the world might not get so lucky. There will almost certainly be a major cyber attack. It could shut down Taiwan’s airports and trains, paralyse British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.
This is because cyber weapons are different from conventional ones. They are cheaper to design and wield. That means great powers, middle powers, and pariah states can all develop and use them.
More important, missiles come with a return address, but virtual attacks do not. Suppose in 2023, in the coldest weeks of winter, a virus shuts down American or European oil pipelines. It has all the markings of a Russian attack, but intelligence experts warn it could be a Chinese assault in disguise. Others see hints of the Iranian Revolutionary Guard. No one knows for sure. Presidents Biden and Macron have to decide whether to retaliate at all, and if so, against whom … Russia? China? Iran? It's a gamble, and they could get unlucky.
Neither country wants to start a conventional war with one another, let alone a nuclear one. Conflict is so ruinous that most enemies prefer to loathe one another in peace. During the Cold War, the prospect of mutual destruction was a huge deterrent to any great power war. There were almost no circumstances in which it made sense to initiate an attack. But cyber warfare changes that conventional strategic calculus. The attribution problem introduces an immense amount of uncertainty, complicating the decision our leaders have to make.
FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads
The Federal Bureau of Investigation (FBI) this week raised the alarm on cyber criminals impersonating brands in advertisements that appear in search engine results. The agency has advised consumers to use ad blockers to protect themselves from such threats.
The attackers register domains similar to those of legitimate businesses or services, and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert. These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might mistake them for an actual search result.
Links included in these ads take users to pages that are identical to the official web pages of the impersonated businesses, the FBI explains. If the user searches for an application, they are taken to a fake web page that uses the real name of the program the user searches for, and which contains a link to download software that is, in fact, malware.
“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI notes. Seemingly legitimate exchange platforms, the malicious sites prompt users to provide their login and financial information, which the cyber criminals then use to steal the victim’s funds.
“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI says.
Businesses are advised to use domain protection services to be notified of domain spoofing, and to educate users about spoofed websites and on how to find legitimate downloads for the company’s software.
Users are advised to check URLs to make sure they access authentic websites, to type a business’ URL into the browser instead of searching for that business, and to use ad blockers when performing internet searches. Ad blockers can have a negative impact on the revenues of online businesses and advertisers, but they can be good for online security, and even the NSA and CIA are reportedly using them.
North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022
South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.
According to the spy agency, more than half the crypto assets (about 800 billion won ($626 million)) have been stolen this year alone, reported the Associated Press. The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh UN sanctions.
“South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cyber crimes since UN economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” reported the AP agency. North Korea cannot export its products due to the UN sanctions imposed in 2016 and 1017, and the impact on its economy is dramatic.
The NIS added that more than 100 billion won ($78 million) of the total stolen funds came from South Korea. Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. National Intelligence Service experts believe that North Korea-linked APT groups will focus on the theft of South Korean technologies and confidential information on South Korean foreign policy and national security.
Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years.
https://securityaffairs.co/wordpress/139909/intelligence/north-korea-cryptocurrency-theft.html
UK Security Agency Wants Fresh Approach to Combat Phishing
The UK National Cyber Security Centre (NCSC) has called for a defence-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture.
Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work. For example, advising users not to click on links in unsolicited emails is not helpful when many need to do exactly that as part of their job.
This is often combined with a culture where users are afraid to report that they’ve accidentally clicked, which can delay incident response, he said. It’s not the user’s responsibility to spot a phish – rather, it’s their organisation’s responsibility to protect them from such threats, Dave C argued.
As such, they should build layered technical defences, consisting of email scanning and DMARC/SPF policies to prevent phishing emails from arriving into inboxes. Then, organisations should consider the following to prevent code from executing:
Allow-listing for executables
Registry settings changes to ensure dangerous scripting or file types are opened in Notepad and not executed
Disabling the mounting of .iso files on user endpoints
Making sure macro settings are locked down
Enabling attack surface reduction rules
Ensuring third-party software is up to date
Keeping up to date about current threats
Additionally, organisations should take steps such as DNS filtering to block suspicious connections and endpoint detection and response (EDR) to monitor for suspicious behaviour, the NCSC advised.
https://www.infosecurity-magazine.com/news/uk-security-agency-combat-phishing/
GodFather Android malware targets 400 banks, crypto exchanges
An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log into the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.
The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defences. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then.
Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play. Group-IB has found a limited distribution of the malware in apps on the Google Play Store; however, the main distribution channels haven't been discovered, so the initial infection method is largely unknown.
Almost half of all apps targeted by Godfather, 215, are banking apps, and most of them are in the United States (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17).
Apart from banking apps, Godfather targets 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.
Companies Overwhelmed by Available Tech Solutions
92% of executives reported challenges in acquiring new tech solutions, highlighting the complexities that go into the decision-making process, according to GlobalDots.
Moreover, some 34% of respondents said the overwhelming amount of options was a challenge when deciding on the right solutions, and 33% admitted the time needed to conduct research was another challenge in deciding.
Organisations of all varieties rely on technology more than ever before. The constant adoption of innovation is no longer a luxury but rather a necessity to stay on par in today’s fast-paced and competitive digital landscape. In this environment, IT and security leaders are coming under increased pressure to show ROIs from their investment in technology while balancing operational excellence with business innovation. Due to current market realities, IT teams are short-staffed and suffering from a lack of time and expertise, making navigating these challenges even more difficult.
The report investigated how organisations went about finding support for their purchasing decisions. Conferences, exhibitions, and online events served as companies’ top source of information for making purchasing decisions, at 52%. Third-party solutions, such as value-added resellers and consultancies, came in second place at 48%.
54% are already using third parties to purchase, implement, or support their solutions, highlighting the value that dedicated experts with in-depth knowledge of every solution across a wide range of IT fields provide.
We are living in an age of abundance when it comes to tech solutions for organisations, and this makes researching and purchasing the right solutions for your organisation extremely challenging.
https://www.helpnetsecurity.com/2022/12/20/tech-purchasing-decisions/
Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected
Talon Cyber Security surveyed 258 third-party providers to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so they took a step back with their research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.
Here’s what Talon discovered:
Most third parties (89%) work from personal, unmanaged devices, where organisations lack visibility and cannot enforce the enterprise’s security posture on. Talon pointed to a Microsoft data point that estimated users are 71% more likely to be infected on an unmanaged device.
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used their devices to:
Browse the internet for personal needs (76%)
Indulge in online shopping (71%)
Check personal email (75%)
Save weak passwords in the web browser (61%)
Play games (53%)
Allow family members to browse (36%)
Share passwords with co-workers (24%)
Legacy apps such as Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organisations.
UK Privacy Regulator Names and Shames Breached Firms
The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts.
The data, available from Q4 2021 onwards, includes the organisation’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome.
Given the significance of this development, it’s surprising that the ICO has (1) chosen to release it with limited fanfare, and (2) buried the data sets on its website. Indeed, it seems to have flown almost entirely under the radar.
Understanding whether their breach or complaint will be publicised by European regulators is one of – if not the – main concern that organisations have when working through an incident, and the answer has usually been no. That is particularly the understanding or assumption where the breach or complaint is closed without regulatory enforcement. Now, at least in the UK, the era of relative anonymity looks to be over.
Despite the lack of fanfare around the announcement, this naming and shaming approach could make the ICO one of the more aggressive privacy regulators in Europe. In the future, claimant firms in class action lawsuits may adopt “US-style practices” of scanning the ICO database to find evidence of repeat offending or possible new cases.
The news comes even as data reveals the value of ICO fines issued in the past year tripled from the previous 12 months. In the year ending October 31 2022, the regulator issued fines worth £15.2m, up from £4.8m the previous year. The sharp increase in the value of fines shows the ICO’s increasing willingness selectively to crack down on businesses – particularly those that the ICO perceives has not taken adequate measures to protect customer and employee data.
https://www.infosecurity-magazine.com/news/uk-privacy-regulator-names-and/
Threats
Ransomware, Extortion and Destructive Attacks
20 companies affected by major ransomware attacks in 2021 | TechTarget
NCC Group: Ransomware attacks increased 41% in November | TechTarget
Adversarial risk in the age of ransomware - Help Net Security
FIN7 hackers create auto-attack platform to breach Exchange servers (bleepingcomputer.com)
Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com
British newspaper The Guardian says it’s been hit by ransomware | TechCrunch
Play ransomware actors bypass ProxyNotShell mitigations | TechTarget
FIN7 Cyber crime Syndicate Emerges as Major Player in Ransomware Landscape (thehackernews.com)
Vice Society ransomware gang is using a custom locker - Security Affairs
NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost
German industrial giant ThyssenKrupp targeted in a cyber attack - Security Affairs
Paying Ransom: Why Manufacturers Shell Out to Cyber criminals (darkreading.com)
France Seeks to Protect Hospitals After Series of Cyber attacks | SecurityWeek.Com
Fire and rescue service in Victoria, Australia, confirms cyber attack - Security Affairs
Play Ransomware Gang Lay Claims For Cyber Attack On H-Hotels (informationsecuritybuzz.com)
Evolving threats and broadening responses to Ransomware in the UAE - Security Boulevard
Phishing & Email Based Attacks
Five Best Practices for Consumers to Beat Phishing Campaigns This Holiday Season - CPO Magazine
Hackers continue to exploit hijacked MailChimp accounts in cyber crime campaigns (bitdefender.com)
Holiday Spam, Phishing Campaigns Challenge Retailers (darkreading.com)
Email hijackers scam food out of businesses, not just money • The Register
Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK
“Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)
Simple Steps to Avoid Phishing Attacks During This Festive season | Tripwire
BEC – Business Email Compromise
Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK
What happens once scammers receive funds from their victims - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Why Security Teams Shouldn't Snooze on MFA Fatigue (darkreading.com)
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks (bleepingcomputer.com)
Malware
Malicious ‘SentinelOne’ PyPI package steals data from developers (bleepingcomputer.com)
Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)
Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)
Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)
Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)
Raspberry Robin Worm Targets Telcos & Governments (darkreading.com)
Raspberry Robin worm drops fake malware to confuse researchers (bleepingcomputer.com)
Number of command-and-control servers spiked in 2022: report - The Record by Recorded Future
Mobile
GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)
Godfather makes banking apps an offer they can’t refuse • The Register
T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)
Botnets
Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)
Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)
Flaws within IoT devices exploited by the Zerobot botnet (izoologic.com)
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
Denial of Service/DoS/DDOS
DDoS Attacks are Slowly Growing in the Technology Era (analyticsinsight.net)
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
BYOD
Internet of Things – IoT
Millions of IP cameras around the world are unprotected | TechRadar
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
Throw away all your Eufy cameras right now | Android Central
Read what Anker’s customer support is telling worried Eufy camera owners - The Verge
Amazon Ring Cameras Used in Nationwide ‘Swatting’ Spree, US Says - Bloomberg
Connected homes are expanding, so is attack volume - Help Net Security
Security Risks, Serious Vulnerabilities Rampant Among XIoT Devices in the Workplace - CPO Magazine
Data Breaches/Leaks
LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica
Okta's source code stolen after GitHub repositories hacked (bleepingcomputer.com)
McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register
NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost
Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days - Security Affairs
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale (bleepingcomputer.com)
Leading sports betting firm BetMGM discloses data breach (bleepingcomputer.com)
Organised Crime & Criminal Actors
'Russian hackers' help two New York men game JFK taxi system - CyberScoop
What happens once scammers receive funds from their victims - Help Net Security
[FIN7] Fin7 Unveiled: A deep dive into notorious cyber crime gang - PRODAFT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)
GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)
Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian
North Korea-linked hackers stole $626M in virtual assets in 2022 - Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)
“Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)
Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register
Over 67,000 DraftKings Betting Accounts Hit by Hackers (gizmodo.com)
What happens once scammers receive funds from their victims - Help Net Security
T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)
Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)
Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian
Inside The Next-Level Fraud Ring Scamming Billions Off Holiday Retailers (darkreading.com)
Supply Chain and Third Parties
Cloud/SaaS
McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register
AWS simplifies Simple Storage Service to prevent data leaks • The Register
New Brand of Security Threats Surface in the Cloud (darkreading.com)
Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)
Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses (darkreading.com)
Hybrid/Remote Working
Attack Surface Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass admits attackers copied password vaults • The Register
LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica
Social Media
Malvertising
Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register
Don't click too quick! FBI warns of malicious search engine ads | Tripwire
Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)
Parental Controls and Child Safety
Buggy parental-control apps could allow device takeover • The Register
Children And The Dangers Of The Virtual World (informationsecuritybuzz.com)
Regulations, Fines and Legislation
TSB fined nearly $60m for platform migration disaster • The Register
FCC proposes record-breaking $300 million fine against robocaller (bleepingcomputer.com)
France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com
The long, long reach of the UK’s national security laws | Financial Times
Governance, Risk and Compliance
Make sure your company is prepared for the holiday hacking season - Help Net Security
The benefit of adopting a hacker mindset for building security strategies - Help Net Security
Careers, Working in Cyber and Information Security
CISO roles continue to expand beyond technical expertise - Help Net Security
UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com
What is surveillance capitalism? - Definition from WhatIs.com (techtarget.com)
Google Maps: Important reason you should blur your house on Street View (ladbible.com)
Blur Your House ASAP if It's on Google Maps. Here's Why - CNET
Artificial Intelligence
Threat Modeling in the Age of OpenAI's Chatbot (darkreading.com)
This is how OpenAI's ChatGPT can be used to launch cyber attacks (techmonitor.ai)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
State level cyber attacks – Why and how (ukdefencejournal.org.uk)
The risk of escalation from cyber attacks has never been greater | Ars Technica
Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)
Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)
NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine (darkreading.com)
Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine | SecurityWeek.Com
Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say | CNN Politics
‘Our weapons are computers’: Ukrainian coders aim to gain battlefield edge | Ukraine | The Guardian
The long, long reach of the UK’s national security laws | Financial Times
UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Apple accused of censoring apps in Hong Kong and Russia • The Register
The long, long reach of the UK’s national security laws | Financial Times
Nation State Actors – North Korea
Vulnerability Management
Open source vulnerabilities add to security debt - Help Net Security
Top 5 Vulnerabilities Routinely Exploited by Threat Actors in 2022 (socradar.io)
Over 50 New CVE Numbering Authorities Announced in 2022 | SecurityWeek.Com
A Guide to Efficient Patch Management with Action1 (thehackernews.com)
Digging into the numbers one year after Log4Shell | SC Media (scmagazine.com)
Vulnerabilities
Critical Windows code-execution vulnerability went undetected until now | Ars Technica
FoxIt Patches Code Execution Flaws in PDF Tools | SecurityWeek.Com
Old vulnerabilities in Cisco products actively exploited in the wild - Security Affairs
OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations
Microsoft reports macOS Gatekeeper has an 'Achilles' heel • The Register
Microsoft will turn off Exchange Online basic auth in January (bleepingcomputer.com)
Cisco’s Talos security bods predict new wave of Excel Hell • The Register
Microsoft pushes emergency fix for Windows Server Hyper-V VM issues (bleepingcomputer.com)
Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com
Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)
Two New Security Flaws Reported in Ghost CMS Blogging Software (thehackernews.com)
Critical Security Flaw Reported in Passwordstate Enterprise Password Manager (thehackernews.com)
This critical Windows security flaw could be as serious as WannaCry, experts claim | TechRadar
Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)
Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (thehackernews.com)
Tools and Controls
Companies overwhelmed by available tech solutions - Help Net Security
Is Enterprise VPN on Life Support or Ripe for Reinvention? | SecurityWeek.Com
Reports Published in the Last Week
Other News
The Growing Risk Of Malicious QR Codes (informationsecuritybuzz.com)
NASA infosec again falls short of required standard • The Register
US Joint Cyber Force Elevated to Newest Subordinate Unified Command - MSSP Alert
The Rise of the Rookie Hacker - A New Trend to Reckon With (thehackernews.com)
What enumeration attacks are and how to prevent them | TechTarget
US consumers seriously concerned over their personal data | CSO Online
The FBI is worried about wave of crime against small businesses (cnbc.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.