Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 74% of Breaches Involve Human Element- Make Employees Your Best Asset

Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.

With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.

https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/

https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

• Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.

Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.

https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/

https://www.ibtimes.co.uk/british-cybersecurity-agency-urges-vigilance-major-companies-fall-victim-software-hack-1716493

• CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.

In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.

https://www.csoonline.com/article/3698708/cisos-it-lack-confidence-in-executives-cyber-defense-knowledge.html

https://www.computerweekly.com/news/366539293/Cyber-spotlight-falls-on-boardroom-privilege-as-incidents-soar

• Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.

https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says

• BEC Volumes and Ransomware Costs Double in a Year

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.

Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.

https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/

• Hackers are Targeting C-Suite Executives Through Their Personal Email

As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.

https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity

• Proactive Detection is Crucial as Organisations Lack Effective Threat Research

In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.

https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/

• Number of Vulnerabilities Exploited Rose by 55%

A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.

Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.

https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/

https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/

• Ransomware Behind Most Cyber Attacks, with Record-breaking May

2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.

https://www.msspalert.com/cybersecurity-research/ransomware-hit-new-attack-highs-in-may-2023-blackfog-report-says/

https://www.scmagazine.com/analysis/ransomware/ransomware-attacks-have-room-to-grow-verizon-data-breach-report-shows

• 4 Areas of Cyber Risk That Boards Need to Address

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.

To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.

https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address

• North Korea Makes 50% of Income from Cyber Attacks

The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.

North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.

They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.

https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/

• Going Beyond “Next Generation” Network Security

Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.

https://blogs.cisco.com/security/going-beyond-next-generation-network-security-cisco-platform-approach

• Worldwide 2022 Email Phishing Statistics and Examples

Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.

https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html

Governance, Risk and Compliance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• 4 Areas of Cyber Risk That Boards Need to Address (hbr.org)

• CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online

• Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly

• CISOs focus more on business strategy than threat research - Help Net Security

• With SEC Rule Changes on the Horizon, Research Reveals Only 14% of CISOs Have Traits Desired for Cyber Expert Board Positions (darkreading.com)

• Only one in 10 CISOs today are board-ready, study says | CSO Online

• Employee cyber security awareness takes centre stage in defence strategies - Help Net Security

• The Importance of Managing Your Data Security Posture (thehackernews.com)

• How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)

• Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• VeeamON 2023: When Your Nightmare Comes True - The New Stack

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Factors influencing IT security spending - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

• Generative AI's influence on data governance and compliance - Help Net Security

• Essential Cyber security Compliance Standards (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert

• Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)

• Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs

• 0mega ransomware gang changes tactics - Help Net Security

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)

• Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Ransomware takes down multiple municipalities in May | TechTarget

• Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek

• Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)

• Pharmaceutical Giant Eisai Hit By Ransomware Incident - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)

• Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert

Phishing & Email Based Attacks

• Fixing email security: It's still a rocky road ahead - SiliconANGLE

• Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)

• New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

BEC – Business Email Compromise

• BEC Volumes and Ransomware Costs Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

Artificial Intelligence

• AI poses national security threat, warns terror watchdog | Artificial intelligence (AI) | The Guardian

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)

• Consumers overestimate their deepfake detection skills - Help Net Security

• Department of Defence AI principles have a place in the CISO’s playbook | CSO Online

• Generative AI's influence on data governance and compliance - Help Net Security

• Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online

• AI drone 'kills' human operator during 'simulation' - which US Air Force says didn't take place | Science & Tech News | Sky News

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)

2FA/MFA

• PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say (darkreading.com)

• How fraudsters undermine text passcodes - Help Net Security

Malware

• High-profile malware and targeted attacks in Q1 2023 | Securelist

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)

• Qakbot: The trojan that just won't go away - Help Net Security

• Qbot malware adapts to live another day … and another … • The Register

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)

• Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)

• Google puts $1M behind its mining-malware detection promise • The Register

Mobile

• Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Apple announces next-level privacy and security innovations - Help Net Security

• How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)

Botnets

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

Denial of Service/DoS/DDOS

• Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)

• The evolution of DDoS attacks in 2023 - Help Net Security

• Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)

Internet of Things – IoT             

• Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• New York City sues Hyundai, Kia claiming cars easy to steal • The Register

Data Breaches/Leaks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch

• Massive free VPN data breach exposes 360M records | Fox News

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• Every Netherlands resident affected by data leak: watchdog | NL Times

• German recruiter Pflegia leaks sensitive job seeker info- Security Affairs

• What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian

Organised Crime & Criminal Actors

• RaidForums: The child hacker facing extradition to the US | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week

• Google puts $1M behind its mining-malware detection promise • The Register

Insider Risk and Insider Threats

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

Fraud, Scams & Financial Crime

• Scammers publish ads for hacking services on government websites | TechCrunch

• Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)

• A new wave of sophisticated digital fraud hits Europe - Help Net Security

• ID fraud a possibility forever, claims data breach lawsuit • The Register

• How fraudsters undermine text passcodes - Help Net Security

• Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)

• Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

• UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian

• Interpol: Human Trafficking is Fueling Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• 'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

Deepfakes

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register

• Consumers overestimate their deepfake detection skills - Help Net Security

• Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)

Insurance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

Dark Web

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• What is the dark web and how do you access it? (androidpolice.com)

Supply Chain and Third Parties

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Capita data breach ‘may affect millions’ (thetimes.co.uk)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)

Software Supply Chain

• SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek

• 10 security tool categories needed to shore up software supply chain security | CSO Online

Cloud/SaaS

• Cloud Security Tops Concerns for Cyber Security Leaders: EC-Council's Certified CISO Hall of Fame Report 2023 (thehackernews.com)

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Current SaaS security strategies don't go far enough - Help Net Security

Hybrid/Remote Working

• Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)

• Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru

• Surveilling your employees? You could be putting your company at risk of attack - Help Net Security

Shadow IT

• Shadow IT is increasing and so are the associated security risks | CSO Online

Encryption

• UK Government Official Offers Up Nonsensical Defence Of Criminalizing End-To-End Encryption | Techdirt

API

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

• Watch brute force hacking attempts fail in realtime | Boing Boing

Social Media

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Hate speech is driving advertisers away from Twitter • Graham Cluley

• US government's TikTok ban extended to include contractors • The Register

Training, Education and Awareness

• Employee cyber security awareness takes center stage in defense strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• Embracing realistic simulations in cyber security training programs - Help Net Security

Data Protection

• SEC drops 42 cases after staff bungle data protection • The Register

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)

Careers, Working in Cyber and Information Security

• Governments Need a Cyber Blueprint to Hire, Retain Cyber security Talent, Report Says - MSSP Alert

Privacy, Surveillance and Mass Monitoring

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• British Army organises major Western European cyber warfare exercise (ibtimes.co.uk)

• Still standing after 260m attacks: inside Ukraine’s cyber warfare squad (thetimes.co.uk)

• Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED

Nation State Actors

• North Korea Makes 50% of Income from Cyber-Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean APT group targets email credentials in social engineering campaign | CSO Online

• UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• US government's TikTok ban extended to include contractors • The Register

• Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)

• Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs

• Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register

• China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian

• Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)

• Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)

• Hostile states face contract ban amid security concerns (thetimes.co.uk)

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek

• Espionage Attacks in North Africa Linked to "Stealth Soldier" Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Exploitation of Vulnerabilities Soared By 55% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• New vulnerabilities increase by 25 percent (betanews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Public sector apps show higher rates of security flaws - Help Net Security

Vulnerabilities

• CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog- Security Affairs

• Zyxel vulnerability under 'widespread exploitation' | TechTarget

• Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)

• Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation (thehackernews.com)

• Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)

• High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek

• Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

• Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)

• Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• Three Vulnerabilities Discovered in Game Dev Tool RenderDoc - Infosecurity Magazine (infosecurity-magazine.com)

• Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug – Naked Security (sophos.com)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)

Tools and Controls

• CISOs focus more on business strategy than threat research - Help Net Security

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Going Beyond “Next Generation” Network Security - Cisco Blogs

• Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Factors influencing IT security spending - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• MoD adopts ‘secure by design’ for cyber security | UKAuthority

• Everyone is selling VPNs, and that's a problem for security | Engadget

• ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)

• Network Security Checklist - 2023 (cybersecuritynews.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• How to make developers love security - Help Net Security

• Embracing realistic simulations in cyber security training programs - Help Net Security

• The Key to Zero Trust Identity Is Automation (darkreading.com)

• What generative AI's rise means for the cyber security industry | TechTarget

• Cisco spotlights generative AI in security, collaboration | Network World

• 10 security tool categories needed to shore up software supply chain security | CSO Online

• How to Improve Your API Security Posture (thehackernews.com)

• Consolidate Vendors and Products for Better Security - SecurityWeek

Reports Published in the Last Week

• Verizon 2023 DBIR: Ransomware remains steady but complicated | TechTarget

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Threat Intelligence report 2023 | Nokia

Other News

• The country with the best cyber security skills may surprise you | TechRadar

• CEO guilty of selling counterfeit Cisco devices to military, govt orgs (bleepingcomputer.com)

• NASA website flaw jeopardizes astrobiology fans- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences

A new report released this week analysed IT security leaders’ perceived threat of ransomware attacks and the maturity of their cyber security defences. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA). https://www.helpnetsecurity.com/2021/10/21/organizations-cyber-hygiene/

83% Of Ransomware Victims Paid Ransom

A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.

Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. https://www.zdnet.com/article/83-of-ransomware-victims-paid-ransom-survey/

Ransomware Affected 72% Of Organisations In Past Year

72% of organisations were affected by ransomware at least once within the past twelve months, with 18% impacted more than six times in the past year. Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees. https://venturebeat.com/2021/10/20/report-ransomware-affected-72-of-organizations-in-past-year/

Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks

Ransomware is a major cybersecurity threat to organisations around the world, but it's possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.

While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter. https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/

A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data

There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king — your data. If your main focus lies on keeping hackers out of your environment, then it’s already check mate. Your mission should be to buy time, slow hackers down and ultimately contain an attack.

Businesses must therefore make it as hard as possible for adversaries to exploit the relationships that allow them to move laterally through the corporate network. They can do this by distrusting anyone within their data’s environment and repeatedly corroborating that all users are who they say they are, and that they act like it too. That last part is crucial, because while identities are easy to compromise and imitate, behaviours are not. https://www.ft.com/content/93cec8b6-3fe9-4e9e-800a-62e13a0e2eac

Cyber Risk Trends Driving The Surge In Ransomware Incidents

During the COVID-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices

The increasing frequency and severity of ransomware incidents is driven by several factors:

·         Growing number of different attack patterns such as double and triple extortion campaigns

·         Criminal business model around ‘ransomware as a service’ and cryptocurrencies

·         Recent skyrocketing of ransom demands

·         Rise of supply chain attacks.

Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. Businesses must understand the need to strengthen their controls.

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. https://www.helpnetsecurity.com/2021/10/18/five-ransomware-trends/

US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021

US Ransomware victims coughed up nearly $600 million to cyber hijackers in the first six months of 2021, further stamping cyber extortionists as an “increasing threat” to the U.S. financial, business and public sectors, a recent report released by the Treasury Department said.

Data gathered by the Financial Crimes Enforcement Network (FinCEN) derived from financial institutions’ Suspicious Activity Reports (SARs) revealed that the 635 reports filed for the first six months of this year is already 30 percent greater than the 487 filed for all of last year. Some 458 financial transitions have been reported as of June 30, 2021 with the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 amounting to $590 million, or 42 percent more than the $416 million filed for all of 2020. https://www.msspalert.com/cybersecurity-research/victims-paid-600-millon-1h-2021/

Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang is creating fake cyber security companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. https://securityaffairs.co/wordpress/123673/cyber-crime/fin7-fake-cybersecurity-firm.html

Nearly Three-Quarters of Organisations Victimized by DNS Attacks in Past 12 Months

Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover. https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months

Cyber Crime Matures As Hackers Are Forced To Work Smarter

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.

One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.

This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.

That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

Threats

Ransomware

• 2021 Ransomware Transactions Already Exceed 2020 Numbers, Treasury Department Says - CyberScoop

• Ransomware: US Financial Institutions Report Major Increase In Payments To Cybercriminals - CNNpolitics

• DarkSide Ransomware Rushes To Cash Out $7 Million In Bitcoin (Bleepingcomputer.Com)

• Gigabyte Allegedly Hit by AvosLocker Ransomware | Threatpost

• Evil Corp Demands $40 Million In New Macaw Ransomware Attacks (Bleepingcomputer.com)

• Olympus US Hack Tied To Sanctioned Russian Ransomware Group | Techcrunch

• 81% of UK Healthcare Organizations Hit by Ransomware in Last Year - Infosecurity Magazine

BEC

• BEC Attacks: Scammers' Latest Tricks - Help Net Security

• Palo Alto Warns of BEC-As-A-Service | ZDNet

Phishing

• This Monster Of A Phishing Campaign Is After Your Passwords | ZDNet

Malware

• Cyber Criminals Have Found A Way To Get Their Malware Certified By Microsoft | Techradar

• Watch Out: ‘Squid Game’ Malware Hits Google Play As Hundreds Of Unofficial Apps Flood Store (forbes.com)

• Minecraft Declared The Most Malware-Infected Game (Hackread.Com)

Mobile

• Experts Hacked A Fully Patched iOS 15 Running On iPhone 13 At Tianfu Cup - Security Affairs

Vulnerabilities

• Update Now! Chrome Fixes More Security Issues - Malwarebytes Labs

• Patch PowerShell Now, Microsoft Tells Admins | TechRadar

• A Flaw In WinRAR Could Lead To Remote Code Execution - Security Affairs

• Injection Vulnerabilities In Popular WordPress Plugin Could Expose Credentials, Allow Admin Access | The Daily Swig (Portswigger.Net)

• SQL Is The Top Critical Risk In The Web Application Layer In Q3, 2021 - IT Security Guru

Data Breaches/Leaks

• Data Scrapers Expose 2.6 Million Instagram and TikTok Users - Infosecurity Magazine

Organised Crime & Criminal Actors

• Criminals Use Fake AI Voice To Swindle UAE Bank Out Of $35m • The Register

Insider Threats

• Most Employees Believe Backing Up Company Data Is Not Their Problem - Help Net Security

Dark Web

• The Dark Web Has Become Darker And Busier, Cyber Crime Services Cost Less Than $500 | Techspot

• Increased Activity Surrounding Stolen Data On The Dark Web - Help Net Security

• The Truth About The Dark Web's Secret Red Rooms (grunge.com)

Supply Chain

• Supply Chain Cybersecurity Breaches Have Hit Alarming Percentage Of Firms: Survey | Fox Business

OT, ICS, IIoT and SCADA

• Shared Responsibility Key to Protecting Critical Infrastructure - Infosecurity Magazine

Nation State Actors

• State-Backed Hackers Breach Telcos With Custom Malware (Bleepingcomputer.Com)

• Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals (Bleepingcomputer.Com)

Cloud

• Russian Cyber-Criminals Switch to Cloud - Infosecurity Magazine

Privacy

• Over 80% of Brits Deluged with Scam Calls and Texts - Infosecurity Magazine

• How mobile devices can be tracked via Bluetooth analysis • The Register

• Brave Ditches Google For Its Own Privacy-Centric Search Engine (Bleepingcomputer.Com)

• A Massive ‘Stalkerware’ Leak Puts The Phone Data Of Thousands At Risk | Techcrunch

Reports Published in the Last Week

• Ransomware Report: State of Ransomware Survey & Report (thycotic.com)

Other News

• The Simmering Cybersecurity Risk of Employee Burnout (darkreading.com)

• Acer Hacked Twice In A Week By The Same Threat Actor (Bleepingcomputer.Com)

• Threat Actors Abusing Discord to Spread Malware - Infosecurity Magazine

• Mysterious Hacking Group Is Quietly Breaking Into Global Telecommunications Networks, Research Finds | Sky News

• Hacker Steals Government Id Database For Argentina's Entire Population - The Record By Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

SMBs Increasingly Vulnerable To Ransomware, Despite The Perception They Are Too Small To Target

A new report this week warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organisations experienced a cyber security breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.

https://www.helpnetsecurity.com/2021/08/10/smbs-ransomware/

May 2021 Saw A 440% Increase In Phishing, The Single Largest Phishing Spike On Record

In May 2021, a report revealed a 440% increase in phishing, holding the record for the single largest phishing spike in a single month. It also showed that industries such as oil, gas and mining saw a 47% increase in the same six-month period, with manufacturing and wholesale traders seeing a 32% increase. The report extends its yearly threat intelligence report, with updated metrics between January 1 and June 30 2021. It also investigates the latest trends in malware, phishing and crypto exchanges.

https://www.infosecurity-magazine.com/news/may-phishing-increase-webroot/

Users Can Be Just As Dangerous As Hackers

Most organisations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organisations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.

https://thehackernews.com/2021/08/users-can-be-just-as-dangerous-as.html?m=1

With Crime-As-A-Service, Anyone Can Be An Attacker

Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cyber crime – in particular, it’s often used to create phishing attacks. For hackers, phishing is one of the easiest ways to steal your organisation’s data. Traditionally, executing a successful phishing campaign required a seasoned cyber criminal with technical expertise and knowledge of social engineering. However, with the emergence of CaaS, just about anyone can become a master of phishing for a small fee.

https://www.helpnetsecurity.com/2021/08/03/crime-as-a-service/

The Rise Of Cloud Is Creating Security Blindspots

Businesses are growing increasingly reliant on cloud services, but with all the good, businesses must also face the bad, according to a new report which says that the rise of cloud means greater complexity and more security blind spots.

Increased expansion into the cloud has led to new risks. All of the respondents in the report had suffered at least one incident in their public cloud environment in the last year, with 30 percent saying they had no formal sign-off before pushing to production.

https://www.itproportal.com/news/the-rise-of-cloud-is-creating-security-blindspots/

Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily

A report has been released on the state of connected devices. The 2021 study addresses pandemic-related cyber security challenges, including the growth of connected devices and related increase of security risks from these devices as threat actors took advantage of chaos to launch attacks. The study incorporates security risk and trend analysis of anonymized data for the past 12 months (June 2020 through June 2021) across the company’s 500+ deployments in healthcare, life sciences, retail, and manufacturing verticals. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020).

https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/

The Value Of PII And How It Still Fuels Malign Activities In The Digital Ecosystem

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, an Intelligence report reveals. The research analysed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

https://www.helpnetsecurity.com/2021/08/10/pii-value-digital-ecosystem/

Ransomware Payments Explode Amid ‘Quadruple Extortion’

Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the first-half 2021 update report. As far as the sheer multitude of attacks goes, researchers on Thursday reported that they’ve identified and analysed 121 ransomware incidents so far in 2021, a 64 percent increase in attacks, year-over-year.

https://threatpost.com/ransomware-payments-quadruple-extortion/168622/

Hackers Netting Average Of Nearly $10,000 For Stolen Network Access

A new report from a cyber security company has spotlighted the thriving market on the dark web for network access that nets cyber criminals thousands of dollars. Researchers have examined network access sales on underground Russian and English-language forums before compiling a study on why criminals sell their network access and how criminals transfer their network access to buyers. More than 37% of all victims in a sample of the data were based in North America while there was an average price of $9,640 and a median price of $3,000.

https://www.zdnet.com/article/hackers-netting-average-of-nearly-10000-for-stolen-network-access/

1M Stolen Credit Cards Hit Dark Web For Free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cyber criminal site dedicated to…selling payment-card credentials. Researchers noticed the leak of the payment-card data during a “routine monitoring of cyber crime and Dark Web marketplaces,” researchers said in a post published over the weekend. The cards were published on an underground card-selling market, AllWorld.Cards, and stolen between 2018 and 2019, according to info posted on the forum.

https://threatpost.com/1m-stolen-credit-cards-dark-web/168514/

Ransomware Group Demanding $50M In Accenture Security Breach

The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for $50 million, according to a cyber security firm that reports seeing the demand. The threat actor is demanding the $50 million in exchange for more than 6 TB of data, according to a tweet.

https://www.crn.com/news/security/ransomware-group-demanding-50m-in-accenture-security-breach-cyber-firm

Threats

Ransomware

• Top 5 Ransomware Operators By Income

• Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

• Hackers Reportedly Threaten To Leak Data From Gigabyte Ransomware Attack

• Bitcoin Ransomware Hackers Hit Accenture

• Why Ransomware Is Such A Threat To Critical Infrastructure

• Ransomware Demands And Payments Hit New Records

• Synology Warns Of Malware Infecting NAS Devices With Ransomware

Phishing

• AI Wrote Better Phishing Emails Than Humans In A Recent Test

Other Social Engineering

• Cyber Fraud Shifts To Gaming, Travel And Leisure, Report Finds

Malware

• Discord Malware Is A Persistent And Growing Threat Warns Sophos

• Microsoft Warning: This Unusual Malware Attack Has Just Added Some New Tricks

• Experts Shed Light On New Russian Malware-As-A-Service Written In Rust

• IISpy: A Complex Server‑Side Backdoor With Anti‑Forensic Features

• Anatomy Of Native IIS Malware

Mobile

• A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance

• Beware! New Android Malware Hacks Thousands of Facebook Accounts

IOT

• A Critical Random Number Generator Flaw Affects Billions Of IoT Devices

Vulnerabilities

• Microsoft's August 2021 Patch Tuesday: 44 Flaws Fixed, Seven Critical Including Print Spooler Vulnerability

• Microsoft Confirms There's Yet Another New Windows Print Spooler Security Bug

• Microsoft Exchange Server: Threat Actors Actively Scanning For Proxyshell Vulnerability, Researchers Warn

• Magento Update Released To Fix Critical Flaws Affecting E-Commerce Sites

• Vulnerability Found In Kindle E-Reader

• Got A Cheap Cisco Router In Your Home Office? If It's One Of These, There's An Exposed RCE Hole You Need To Plug

Organised Crime & Criminal Actors

• Attackers Started Exploiting a Router Vulnerability Just 2 Days After Its Disclosure

• Hackers Steal $600 Million In Crypto From DeFi Site Poly Network

Dark Web

• 1M Stolen Credit Cards Hit Dark Web For Free

Supply Chain

• MSSPs Particularly Vulnerable To Cisco FDM Flaw

DoS/DDoS

• Attackers Increasingly Turning to DDoS As A Ransom Vector

Nation State Actors

• Briton Suspected Of Spying For Russia Arrested In Germany

• Putin Is Crushing Biden’s Room To Negotiate On Ransomware

Cloud

• Data Of Three Million Elderly Citizens Exposed In Cloud Security Oversight

• AWS S3 Can Be A Security Risk For Your Business

Privacy

• UN Human Rights Experts Call For Spyware Crackdown

• Apple Says ‘Screeching Minority” Who Object Against Their Photos Being Scanned For The Police ‘Have Misunderstanding’

• Is Your Router Giving Away Your Location?

Other News

• The Challenges Healthcare CISOs Face In An Evolving Threat Landscape

• Hacker Shares The Scariest Things He's Seen On The Dark Web

• Researchers Develop RISC-V Chip for Quantum-Resistant Encryption

• Quantum Computers Could Threaten Blockchain Security. These New Defenses Might Be The Answer

• Saving Money By Holding Onto Old Tech Is Costing Us All Billions

• Unwanted Bot Traffic Costs Businesses $250 Million A Year

• Attacks Against Industrial Networks Will Become A Bigger Problem. We Need To Fix Security Now

• Kaseya's Universal Revil Decryption Key Leaked On A Hacking Forum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.