Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 April 2024

Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:

-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

-Ransomware Incidents Reported to UK Financial Regulator Doubled

-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

-AI Abuse and Misinformation Campaigns Threaten Financial Institutions

-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

-AI Makes Phishing Attacks Accessible to Basic Users

-Cyber Attacks Wreaking Physical Disruption on the Rise

-73% Brace for Cyber Security Impact on Business in Next Two Years

-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

-Cyber Security Imperative for Protecting Executives

-The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea



Tools and Controls

Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 29 March 2024

Black Arrow Cyber Threat Intelligence Briefing 29 March 2024:

-Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

-China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

-Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

-Hackers Hit High-Risk Individuals’ Personal Accounts

-Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

-High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

-Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

-Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

-IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

-Only 5% of Boards Have Cyber Security Expertise

-Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

-Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More