Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 20 October 2023
Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:
-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
-Cyber Security Investments Show Mature Business Mindset
-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure
-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen
-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack
-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head
-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors
-39% of Individuals Use the Same Password for Multiple Accounts
-Why Fourth-Party Risk Management Is a Must-Have
-AI Adoption Surges But Security Awareness Lags Behind
-UK watchdog fines Equifax £11 million for role in cyber breach
-Why Boards Must Understand and Govern Cyber Security Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.
Sources: [PR Newswire] [TechRadar]
Cyber Security Investments Show Mature Business Mindset
Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.
Source: [Insider Media] [Compare the Cloud]
SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.
SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).
Source: (IT Security Guru)
Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure
Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.
In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.
Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]
Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen
Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.
Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Euronews] [The Times] [AI-CIO]
Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack
In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.
The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.
Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]
20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head
An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.
A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.
Sources: [Computer Weekly] [Tech Monitor] [Guardian]
Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors
According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.
Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Sources: [Security Affairs] [Claims Journal]
39% of Individuals Use the Same Password for Multiple Accounts
According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.
Source: [Security Magazine]
Why Fourth-Party Risk Management Is a Must-Have
Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.
Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.
Source: [Tech Target]
AI Adoption Surges but Security Awareness Lags Behind
A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.
Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.
Source: [Infosecurity Magazine]
UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach
Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six weeks after their parent company discover the hack.
Source: [Reuters]
Why Boards Must Understand and Govern Cyber Security Risk
The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Forbes]
Governance, Risk and Compliance
Many cyber bosses just aren't confident in their company's defences | TechRadar
SMBs seek help as cyber threats reach an all-time high - Help Net Security
SMBs seek cyber training, support as attack risk surges | CIO Dive
The real impact of the cyber security poverty line on small organisations - Help Net Security
Cyber security investments show mature business mindset, says IT expert | Insider Media
Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud
The best time to deal with cyber attacks is before they happen (thetimes.co.uk)
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Over 70% of firms hit by cyber attack in last 12 months (rte.ie)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
Getting ready for NIS2 with strong identity controls | ITPro
10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News
How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
The Need for a Cyber security-Centric Business Culture (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine
Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)
Keeping control in complex regulatory environments - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
7 risk mitigation strategies to protect business operations | TechTarget
How to go from collecting risk data to actually reducing risk? - Help Net Security
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Regulations are still necessary to compel adoption of cyber security measures | ZDNET
CISOs and board members are finding a common language - Help Net Security
IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)
When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)
18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)
Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)
Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)
Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)
CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)
What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon
63% of organisations restore data after a ransomware attack | Security Magazine
Black Basta ransomware is out and about, again. (thecyberwire.com)
Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire
Scammers are targeting plastic surgery clinics with extortion scams | TechRadar
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)
Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)
Ransomware Victims
Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)
Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)
Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)
KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)
Make sure that email from HR is legit - it could be another phishing scam | TechRadar
Human resources emails remain top phishing targets - SiliconANGLE
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Artificial Intelligence
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)
AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent
North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar
Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
2FA/MFA
Malware
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)
Researchers warn of increased malware delivery via fake browser updates - Help Net Security
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Beware - that Google Chrome update alert might actually just be malware | TechRadar
Mobile
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)
The top 9 mobile security threats and how you can avoid them | ZDNET
Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld
Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inadequate IoT protection can be a costly mistake - Help Net Security
Israelis told to secure their home security cameras against hackers • Graham Cluley
Logistics Matters - Alert: How hackers use printers to gain access
Data Breaches/Leaks
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)
530K people's info stolen from cloud PC gaming's Shadow • The Register
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News
23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Care provider under fire over response to cyber attack (thetimes.co.uk)
Organised Crime & Criminal Actors
Cyber attacks -- where they come from and the tactics they use (betanews.com)
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Employees leaving businesses open to cyber attack – QBE research - CIR Magazine
Why disaffected employees are your greatest cyber security risk | Federal News Network
Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)
Insurance
How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
Supply Chain and Third Parties
Identity and Access Management
Encryption
Linux and Open Source
Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Report Finds Few Open Source Projects are Actively Maintained - Slashdot
Passwords, Credential Stuffing & Brute Force Attacks
IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru
Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)
39% of individuals use the same password for multiple accounts | Security Magazine
Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)
Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)
A worrying amount of corporate IDs still aren't properly protected | TechRadar
Social Media
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Malvertising
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)
Training, Education and Awareness
Regulations, Fines and Legislation
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)
Keeping control in complex regulatory environments - Help Net Security
UN cyber crime treaty: A menace in the making – EURACTIV.com
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Models, Frameworks and Standards
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Backup and Recovery
Principles for ransomware-resistant cloud backups - NCSC.GOV.UK
63% of organisations restore data after a ransomware attack | Security Magazine
Data Protection
Careers, Working in Cyber and Information Security
Over half of cyber security pros say they want to switch jobs (betanews.com)
Compelling Reasons Why You Should Study Cyber Security - Minutehack
Your guide to landing a job in cyber security (fastcompany.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats
Misc Nation State/Cyber Warfare
‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief
Five Eyes issues five tips on thwarting nation state threats | Computer Weekly
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
The evolution of deception tactics from traditional to cyber warfare - Help Net Security
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Government officials debate effectiveness of multilateral relations in cyber security | ZDNET
Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems
Geopolitical Threats/Activity
How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)
Israelis told to secure their home security cameras against hackers • Graham Cluley
Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)
Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)
AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)
China
Mandia: China replaces Russia as top cyber threat | CyberScoop
FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft | SC Media (scmagazine.com)
Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)
20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Huawei wants to know why EU labelled it high security risk • The Register
Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)
Russia
Mandia: China replaces Russia as top cyber threat | CyberScoop
Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Iran
Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)
Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop
North Korea
Vulnerability Management
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)
Vulnerabilities
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek
Cisco working on fix for critical IOS XE zero-day | TechTarget
Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek
Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Tools and Controls
Well-informed employees act as 1st line of defence against cyber threats
SMBs seek cyber training, support as attack risk surges | CIO Dive
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Why Zero Trust Is the Cloud Security Imperative (darkreading.com)
3 Essential Steps to Strengthen SaaS Security (darkreading.com)
Google Authenticator synchronization raises MFA concerns | TechTarget
Email Security Best Practices for Phishing Prevention (trendmicro.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
How to go from collecting risk data to actually reducing risk? - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What is Structured Threat Information eXpression (STIX)? (techtarget.com)
Other News
SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru
Many SMBs really don't know exactly what security tools they need | TechRadar
Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN
What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)
Progress gets SEC subpoena over MOVEit breach – and more! • The Register
Cyber attacks on healthcare organisations affect patient care - Help Net Security
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)
Space industry group turns up volume on satellite vulnerabilities - SpaceNews
5 Tips for Improving Security in Public Sector (govinfosecurity.com)
Marketers Must Make Cyber security A Priority Every Day (forbes.com)
UK at risk of massive security breach from national HMRC IT meltdown | The Independent
UK warns nuclear power plant operator of cyber security failings (therecord.media)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 August 2023
Black Arrow Cyber Threat Intelligence Briefing 25 August 2023:
-Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
-Would You Infect Others to Rid Yourself of Ransomware?
-Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
-Ransomware Attacks Broke Records in July, Mainly Driven By One Group
-Cyber Risk in The Boardroom
-Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
-Cyber Security is Everyone’s Responsibility
-QR Code Hacks Are Another Thing to Worry About Now
-Security Basics Aren’t So Basic Anymore
-Apple MacOS Security Myths
-Security Leaders Report Misalignment of Investments and Risk Reduction
-Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to SaaS Incidents, New Report Finds
-If You Ever Used Duolingo, Watch Out for Phishing Email
-91% of Security and IT Professionals Agree Cyber Criminals are Already Using AI in Email Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
CloudNordic, a Danish cloud hosting provider, has told customers to consider all of their data as having been lost following a ransomware infection that encrypted the large Danish cloud provider. The threat actors had destroyed the organisation’s backups, which prevented the firm from recovering effectively. The attack also impacted AzeroCloud, which is owned by the same company.
Worryingly, many organisations believe that having backups and using the cloud is enough for them to be able to recover from any cyber incident; unfortunately, as shown in the CloudNordic and AzeroCloud attacks, it is not enough. Organisations need to have a recovery plan in place which is tested and improved, to best strengthen themselves in the event of a cyber incident.
Sources: [The Register] [Bleeping Computer] [Help Net Security]
Would You Infect Others to Rid Yourself of Ransomware?
Hackers continually develop ransomware with new and creative attack methods that keep internet security professionals on their toes and pose challenges for people trying to detect threats. Victims of ransomware usually see messages asking them to pay for file access restoration; however, the Popcorn Time ransomware group takes a different approach to getting victims involved.
The Popcorn Time ransomware approach works via the referral method. The ransomware group is willing to give victims access to their files if they send the referral link to two other people, extending the attacker’s reach. Most people would hesitate to distribute a ransomware link through email, WhatsApp, or another method that is easy for victims to identify them as the perpetrators. Law enforcement bodies categorise ransomware attacks as crimes that come with hefty fines and prison time. Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement, including the loss of jobs and relationships.
Source: [CyberNews]
Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
Checkpoint’s 2023 Mid-Year Security Report shows an 8% surge in global weekly cyber attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber attacks.
Other significant findings include the evolution of ransomware tactics. The report found that ransomware groups are exploiting vulnerabilities in common corporate software and shifting focus from encrypting data to stealing it. USB devices have resurfaced as threats, employed by both state-affiliated groups and cyber-criminals to distribute malware globally. The misuse of AI has escalated, as attackers use generative AI tools for phishing emails, keystroke monitoring malware and basic ransomware code.
Source: [InfoSecurity Magazine]
Ransomware Attacks Broke Records in July, Mainly Driven By One Group
A number of ransomware actors are utilising the threat of releasing sensitive data to get organisations to pay ransoms; in some cases this is combined with encryption to give the actor two avenues of payment. A report has found there were over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June. Within Europe, there was a 59% increase in ransomware attacks from June to July.
Part of the significant rise is due to the ransomware group called Cl0p, whose attack on the MOVEit software has accounted for hundreds of victims this year. The Cl0p ransomware group has kept its promise to publish files on the clearweb of all its victims if contact was not made. The clearweb is simply what we know as the internet; anyone can access it. As such, there will be many organisations who are now having their sensitive data published and readily viewable for anyone who has access to the internet.
Sources: [Gov Info Seccurity] [Security Week] [ZDNET] [Cyber News]
Cyber Risk in The Boardroom
The relationship between the CISO and the wider boardroom has become increasingly cooperative, with 77% of CEO’s seeing cyber as a strategic function and a potential source of competitive advantage. While it is ultimately up to the board to take steps to keep cybersecurity high on the agenda, the CISO also has a responsibility to press the message and bridge any gaps.
CISOs must deliver concerns, strategies and recommendations in a business-first manner, while avoiding jargon and overly technical language. Attracting and retaining good quality senior security professionals is very challenging in the current market and Black Arrow offer a fractional CISO service, giving access to a whole team of specialists with wider expertise, experience and backgrounds, for less than the cost of hiring one individual.
Sources: [Security Week] [TechRadar]
Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in efficacy. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove. The technique continues to use more and more sophisticated mechanisms for getting their infections spread throughout the web and keeping them running for a long time. The exploits can operate in one of several ways, including intercepting a user’s clickstream on random hyperlinks and substituting them with redirects to advertising websites.
Adblockers either on endpoints or at the network level can also help to prevent malvertising from causing harm.
Source: [SiliconAngle]
Cyber Security is Everyone’s Responsibility
A recent survey found that 41% of respondents said that poor quality training, or a lack of training altogether, and insider threats were impacting their organisation’s security. Cyber security involves everyone as any employee can be an entry point for a cyber incident, but they also have the power to prevent one. It is important to make sure all employees are provided adequate training. Not every role requires the same training however, so it is important for organisations to identify and provide training that is appropriate to employees. Black Arrow provide live in person and online instructor lead cyber security training, both through Cyber Risk and Governance Workshops for Senior Leadership and Awareness, Behaviour and Culture Training for employees and contractors.
Source: [IT Pro Today]
QR Code Hacks Are Another Thing to Worry About Now
One of the upcoming technologies thrust upon us is QR codes. At this point, you can find them at most restaurants and parking sites. You simply scan the code and you are taken to the relevant site, for example, the menu for the restaurant. Attackers have cottoned on to this and started to use QR codes in phishing attacks; the idea being that the victim will scan the code without scrutinising it and be taken to a malicious website instead.
Source: [Bloomberg]
Security Basics Aren’t So Basic Anymore
The basics of cyber security, it turns out, aren’t so basic anymore. What was considered basic has moved way beyond just having firewalls and antivirus, and the most basic controls nowadays include more advanced controls such as robust identity and access management, multi-factor authentication (MFA) and patching and vulnerability management. Many of these now basic controls are lacking or non-existent across the economy according to cyber security experts. A report found that only 28% of Microsoft users had MFA enabled as 2022 closed.
You can’t solve all the problems at once. However, progress on these fronts also relies heavily on the need for a cultural shift. Organisations need to get to the point where they view cyber security in the same light as locks on doors and seatbelts in cars.
Source: [CioDive]
Apple MacOS Security Myths
Apple has maintained a reputation as being more secure than other manufacturers, and whilst Apple has put many different security mechanisms into its operating system, no technology is bulletproof. Assuming an Apple device is invulnerable can lead users to believe that their Mac will not get viruses or be subject to a plethora of other cyber threats. As a result, this can lead to poor cyber hygiene from the individual, as they assume they are safe regardless of what they do. Apple users need to remain every bit as aware of risks, social engineering, keeping devices up to date, and having appropriate security controls.
Source: [Huntress]
Security Leaders Report Misalignment of Investments and Risk Reduction
The cyber risk landscape was analysed in a recent report that examined the amount of risk that organisations are willing to accept, their resource constraints and key priorities for approaching cyber risk in the future. The report found 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritise investments and allocate resources effectively. 67% of organisations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cyber security investments and their organisation's risk reduction priorities.
Source: [InfoSecurity Magazine]
Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to Incidents
Cyber security, IT, and business leaders alike recognise SaaS (cloud) cyber security as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cyber security as 85% answered that they are confident or very confident in their company's or customer's data security in sanctioned SaaS apps.
Despite the confidence, 79% of respondents confirmed that their organisation had identified SaaS cyber security incidents over the past 12 months. Many of those incidents occurred in environments with cyber security policies in place and enforced, as 66% of respondents claimed in their responses.
Source: [The Hacker News]
If You Ever Used Duolingo, Watch Out for Phishing Email
Users of Duolingo, past and present, should be wary of phishing emails as data on about 2.6 million accounts were scraped through an exposed application programming interface (API), and then offered on a hacking forum back in January. Login and real names, email addresses, phone numbers, and courses studied were part of the collection, which went for $1,500. Now that data has resurfaced on a different forum, and at a substantially lower cost of just a few dollars, users of the service can expect this data to be used in fresh phishing campaigns.
Source: [PCWorld]
91% of Security and IT Professionals: Criminals are Already Using AI in Email Attacks
Recent research found that 91% of security and IT professionals are noticing cyber criminals already using AI as part of email attack campaigns, with 74% indicating they have experienced an increase in the use of AI by cyber criminals in the past six months. This is worrying as 52% reported that email security is among one of their top three concerns.
Organisations need to make sure that their technologies, procedures and policies are updated to factor in AI-enabled email attacks to help reduce the risk they pose to the organisation. Such improvements should also include employees.
Source: [PR Newswire]
Governance, Risk and Compliance
Cyber security 'number one on the agenda in boardrooms,' Cramer says (cnbc.com)
Firms have mere hours to deflect cyber attacks, warns cyber security CEO (cointelegraph.com)
The End of “Groundhog Day” for the Security in the Boardroom Discussion? - SecurityWeek
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
How the downmarket impacted enterprise cyber security budgets - Help Net Security
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
Rapid cyber attacks demand modernised security, says Palo Alto CEO (crypto.news)
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Cuba ransomware gang looking for unpatched Veeam installations: Report | IT Business
Ransomware attacks broke records in July, mainly driven by this one group | ZDNET
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
Would You Infect Others to Rid Yourself of Ransomware? (makeuseof.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
Akira ransomware gang spotted targeting Cisco VPN products to hack organisations-Security Affairs
Why Ransomware Gangs Opt for Encryption-Less Attacks (govinfosecurity.com)
MOVEit Health Data Breach Tally Keeps Growing (inforisktoday.com)
British intelligence is tipping off ransomware targets to disrupt attacks (therecord.media)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Three trends to watch in the growing threat landscape (betanews.com)
Ransomware Victims
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
BlackCat ransomware group claims the hack of Seiko network -Security Affairs
Mysterious Cyber Attack Shuts Down Yet More Telescopes For Weeks | IFLScience
St Helens Council hit by suspected Ransomware cyber attack | St Helens Star
Phishing & Email Based Attacks
91% of security pros say cyber criminals are using AI in email attacks | Security Magazine
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
New Generation of Phishing Hides Behind Trusted Services (securityintelligence.com)
New phishing campaign recognised in Europe and South America | Security Magazine
If you ever used Duolingo, watch out for phishing emails | PCWorld
Open redirect flaws increasingly exploited by phishers - Help Net Security
How to spot phishing on a hacked WordPress website | Kaspersky official blog
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (darkreading.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Email Security: Top 5 Threats and How to Protect Your Business - ReadWrite
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Artificial Intelligence
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
Tricks for making AI chatbots break rules are freely available online | New Scientist
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Generative AI Is Scraping Your Data. So, Now What? (darkreading.com)
Fake versions of Google Bard are spreading malware | TechRadar
AI and the evolution of surveillance systems - Help Net Security
Thinking of Deploying Generative AI? You May Already Have (govinfosecurity.com)
Three trends to watch in the growing threat landscape (betanews.com)
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Malware
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com) Ask the Mac Guy: macOS Security Myths (huntress.com)
New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App (thehackernews.com)
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
TP-Link smart bulbs can let hackers steal your WiFi password (bleepingcomputer.com)
When Your Home Security System Turns the Camera on You | The Epoch Times
Anticipating the next wave of IoT cyber security challenges - Help Net Security
The Physical Impact of Cyber Attacks on Cities (darkreading.com)
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? - SecurityWeek
Data Breaches/Leaks
Tesla Data Breach Investigation Reveals Inside Job (darkreading.com)
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Guernsey CCTV investigation widened after more footage leaked | Bailiwick Express Jersey
Scraped data of 2.6 million Duolingo users released on hacking forum (bleepingcomputer.com)
Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times
How a Christie’s website revealed where people kept their art | The Seattle Times
Defence contractor Belcan leaks admin password with a list of flaws-Security Affairs
What lessons must be learned from the Electoral Register cyber attack? | theHRD (thehrdirector.com)
5 Early Warning Indicators That Are Key to Protecting National Secrets (darkreading.com)
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved - SecurityWeek
Organised Crime & Criminal Actors
Check Point reveals 8% spike in global cyber attacks by mid-2023 (securitybrief.co.nz)
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
Hacking group KittenSec claims to 'pwn anything we see' to expose corruption | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Insider Risk and Insider Threats
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Three trends to watch in the growing threat landscape (betanews.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Fraud, Scams & Financial Crime
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
Surge in identity crime victims reporting suicidal thoughts - Help Net Security
Impersonation Attacks
Deepfakes
Insurance
Cyber security insurance is missing the risk - Help Net Security
Cyber Security Insurance Market Size & Share Analysis - (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Cloud/SaaS
Cloud hosting firms hit by devastating ransomware attack - Help Net Security
Warning: Attackers Abusing Legitimate Internet Services (inforisktoday.com)
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the center of cloud security concerns | CSO Online
Lack of visibility into cloud access policies leaves enterprises flying blind - Help Net Security
Cloud services are creating more cyber-risks for telcos - Mobile Europe
Identity and Access Management
Ongoing Duo outage causes Azure Auth authentication errors (bleepingcomputer.com)
Cisco's Duo Security suffers major authentication outage • The Register
Encryption
API
Understanding how attackers exploit APIs is more important than ever - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
Biometrics
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)
Facial Recognition Technology (FRT) Statistics for 2023 (techreport.com)
Social Media
Malvertising
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Malware-infected advertising grows ever more sophisticated, and lethal - SiliconANGLE
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Training, Education and Awareness
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Apple security updates could be banned by British government (9to5mac.com)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Morgan Stanley Fined for UK Energy Trading WhatsApp Breach (yahoo.com)
Controversial Cyber crime Law Passes in Jordan (darkreading.com)
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Strengthening Cyber Security In Finance: A Look At EU DORA Regulations (forbes.com)
Backup and Recovery
Data Protection
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Unrealistic expectations exacerbate the cyber security talent shortage - Help Net Security
It's Time to Approach The Cyber Security Skills Gap Differently - IT Security Guru
How To Become Chief Information Security Officer - The Economic Times (indiatimes.com)
4 ways simulation training alleviates team burnout - Help Net Security
Tens of thousands of students receive free training to build cyber skills - The Business Magazine
5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast
The Importance of Accessible and Inclusive Cyber Security (securityintelligence.com)
Law Enforcement Action and Take Downs
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Incident response lessons learned from the Russian attack on Viasat | CSO Online
Ukrainian hackers claim to leak emails of Russian parliament deputy chief (therecord.media)
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
China
Mounting Cyber Espionage and Hacking Threat from China - Modern Diplomacy
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com)
New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED
Exposed: the Chinese spy using LinkedIn to hunt UK secrets (thetimes.co.uk)
FBI: Suspected Chinese actors continue Barracuda ESG attacks | TechTarget
Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop
US space companies face foreign spy threat, intelligence agencies say (usatoday.com)
North Korea
N. Korean Kimsuky APT targets S. Korea-US military exercises-Security Affairs
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Misc/Other/Unknown
Vulnerability Management
NCSC issues warning on cyber vulnerabilities (ukdefencejournal.org.uk)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Vulnerabilities
Juniper Networks fixes flaws leading to RCE in firewalls and switches - Help Net Security
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Ivanti issues fix for third zero-day flaw exploited in the wild | TechTarget
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability - SecurityWeek
FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective - SecurityWeek
Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog (thehackernews.com)
3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability - SecurityWeek
Western Digital patches potentially dangerous security flaw, so update now | TechRadar
Tools and Controls
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Security leaders report misalignment of investments and risk reduction | Security Magazine
Cyber security insurance is missing the risk - Help Net Security
Bolstering Cyber Security: Why Browser Security Is Crucial (inforisktoday.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
The Vanishing Data Loss Prevention (DLP) Category - IT Security Guru
Unveiling the Hidden Risks of Routing Protocols (darkreading.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
Network detection and response in the modern era - Help Net Security
What’s Beyond SASE? The Next Steps (informationsecuritybuzz.com)
Prevention First: Don’t Neglect Endpoint Security | CSO Online
More Than Half of Browser Extensions Pose Security Risks (darkreading.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
How the downmarket impacted enterprise cyber security budgets - Help Net Security
SEC Cyber Security Rules: Considerations for Incident Response Planning
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The MOVEit hack and what it taught us about application security (bleepingcomputer.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Akamai Survey Finds Third-Party Defences Help Reduce Risk from Online Threats (prnewswire.com)
5 Best Practices for Implementing Risk-First Cyber Security (darkreading.com)
What's Going on With LastPass, and is it Safe to Use? (securityintelligence.com)
Malicious web application transactions skyrocket 500% (securitybrief.co.nz)
Other News
Our health care system may soon receive a much-needed cyber security boost | Ars Technica
Swan Retail cyber attack: 300 retailers crippled by breach (techmonitor.ai)
Cyber Attack on Energy One affects corporate systems in Australia and the UK | CSO Online
Vendors criticize Microsoft for repeated security failings | TechTarget
Microsoft's become a cyber security titan. That could be a problem - Tech Monitor
Global Naval Communication Market Research Report (globenewswire.com)
IT's rising role in physical security technology - Help Net Security
Hackers knocked out San Francisco's main real estate database | Fortune
Microsoft's 6 Biggest Hacks: Is Better Security Needed? (makeuseof.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.