Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)

Tools and Controls

• Building resilience to shield your digital transformation from cyber threats - Help Net Security

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Overview of Open Source Intelligence (OSINT) (eweek.com)

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Traditional cloud security isn't up to the task - Help Net Security

• Top 10 API Security Threats for Q3 2023 - Security Week

• National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• The Importance of Continuous Security Monitoring for a Robust Cyber security Strategy (thehackernews.com)

• NCSC backs use of security.txt for cyber resilience | UKAuthority

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• The new imperative in API security strategy - Help Net Security

• How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)

• Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)

• Threat Intel: To Share or Not to Share is Not the Question - Security Week

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN

• How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics

• Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs

• 8 ways to cope with cyber security budget cuts | TechTarget

• Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)

• Kubernetes adoption creates new cyber security challenges - Help Net Security

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Cyber insurance predictions for 2024 - Help Net Security

• Hundreds of websites cloned to run ads for Chinese gambling • The Register

• AI helps leaders optimize costs and mitigate risks - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Reports Published in the Last Week

• NCSC Annual Review 2023 - NCSC.GOV.UK

Other News

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• 97% of Consumers Predict Cyber attacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals | Business Wire

• 'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• National security at risk from web browsing data collection, report finds (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Collaborative strategies are key to enhanced ICS security - Help Net Security

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Security Industry Still Fighting to Recruit and Retain Talent

Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.

https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/

• How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.

Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.

https://www.reuters.com/technology/how-moveit-breach-shows-hackers-interest-corporate-file-transfer-tools-2023-06-16/

• Attackers Discovering Exposed Cloud Assets within Minutes

The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.

https://www.techtarget.com/searchsecurity/news/366542352/Attackers-discovering-exposed-cloud-assets-within-minutes

https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface

• Majority of Users Neglect Best Password Practices

The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.

https://www.infosecurity-magazine.com/news/users-neglect-best-password/

• One in Three Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.

Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.

https://www.infosecurity-magazine.com/news/one-in-three-phishing/

• Ransomware Misconceptions Abound, to the Benefit of Attackers

There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.

Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.

https://www.darkreading.com/vulnerabilities-threats/ransomware-misconceptions-abound-to-the-benefit-of-attackers

• Threat Actors Scale and Commoditise Uncommon Tools and Techniques

Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.

Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.

https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2023-human-factor-report-threat-actors-scale-and-commoditise

• Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.

https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/

• Security Budget Hikes are Missing the Mark, CISOs Say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.

The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.

https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

• Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.

Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.

https://informationsecuritybuzz.com/understanding-cyber-resilience-building-a-holistic-approach-to-cybersecurity/

• Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.

Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.

https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally

• Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.

Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.

https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/

• Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.

https://www.securityweek.com/fulfilling-expected-sec-requirements-for-cybersecurity-expertise-at-board-level/

Governance, Risk and Compliance

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• How DORA Will Force Financial Firms to Adopt Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating the Complex World of Cyber security Compliance - MSSP Alert

• Security budget hikes are missing the mark, CISOs say | CSO Online

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

• Decrypting Cyber Risk Quantification (trendmicro.com)

• From details to big picture: how to improve security effectiveness | CIO

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cyber crime group C10p (afr.com)

• Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)

• US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)

• Data leak at Australian law firm spooks government, business • The Register

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)

• Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Rorschach Ransomware: What You Need to Know (darkreading.com)

• Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)

• Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)

• Ransomware attacks pose communications dilemmas for local governments | CSO Online

• LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)

Ransomware Victims

• MOVEit victim list | KonBriefing.com

• PwC and EY impacted by MOVEit cyber attack (cshub.com)

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)

• Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek

• BlackCat gang threatens to leak plastic surgery photos • The Register

• Reddit confirms BlackCat ransomware gang stole its data • The Register

• Adur and Worthing Councils investigating after contractor data breach | The Argus

• Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

• MOVEit cyber attack: US Energy Department gets two ransom notices as MOVEit hack claims more victims - The Economic Times (indiatimes.com)

• USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN

• Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)

• MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)

Phishing & Email Based Attacks

• One in Three UK&I Workers Susceptible to Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian

• Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Insurance companies neglect basic email security - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• The Simplest Social Engineering Hack Of Them All | Hackaday

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

Artificial Intelligence

• Civil servants told not to share state secrets with ChatGPT, leaked guidance reveals (telegraph.co.uk)

• How generative AI is creating new classes of security threats | VentureBeat

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• ‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco - SecurityWeek

• The next wave of cyber threats: Defending your company against cyber criminals empowered by generative AI | VentureBeat

• Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)

Malware

• Experts Uncover Year-Long Cyber Attack on IT Firm Utilising Custom Malware RDStealer (thehackernews.com)

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)

• Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)

• Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• To kill BlackLotus malware, patching is a good start, but... • The Register

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)

• Chinese malware accidentally infects networked storage • The Register

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Mobile

• New Version of Android GravityRAT Spyware Targets WhatsApp Backups - Infosecurity Magazine (infosecurity-magazine.com)

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• This Android app with over 50,000 installs steals your files and microphone recordings — what to do | Tom's Guide (tomsguide.com)

• Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)

Botnets

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Internet of Things – IoT

• Thousands left vulnerable after severe weakness is discovered in home security system's mobile app | TechSpot

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics

• Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Data Breaches/Leaks

• Data leak at Australian law firm spooks government, business • The Register

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)

• SSD missing from SAP datacenter turns up on eBay • The Register

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Darknet Parliament is now a thing | Cybernews

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert

• The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)

• Cyber crime Doesn't Take a Vacation (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Blockchain security: Everything you should know for safe use | TechTarget

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Insider Risk and Insider Threats

• Cost-of-Living Crisis increasing chances of Insider threats - IT Security Guru

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

Fraud, Scams & Financial Crime

• Influencers in firing line as France tackles scams - BBC News

• Keep Job Scams From Hurting Your Organisation (darkreading.com)

• Job Seekers, Look Out for Job Scams (darkreading.com)

Impersonation Attacks

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

AML/CFT/Sanctions

• EU agrees new sanctions against Russia, targeting Chinese companies suspected of circumvention | Euronews

Dark Web

• Darknet Parliament is now a thing | Cybernews

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Capita faces first legal Letter of Claim over mega breach • The Register

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• Untangling the web of supply chain security with Tony Turner - Help Net Security

Software Supply Chain

• CISA SBOM standards efforts stymied by confusion, inertia | TechTarget

Cloud/SaaS

• Growing SaaS Usage Means Larger Attack Surface (darkreading.com)

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• A new threat to financial stability lurks in the cloud | Financial Times (ft.com)

• Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Attackers discovering exposed cloud assets within minutes | TechTarget

• Cloud-native security hinges on open source - Help Net Security

• Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online

• US cyber ambassador says China can win on AI, cloud • The Register

Hybrid/Remote Working

• Home working puts confidential data at risk, GCHQ warns law firms (telegraph.co.uk)

Shadow IT

• Ending the ‘forever war’ against shadow IT | CIO

Identity and Access Management

• The future of passwords and authentication - Help Net Security

Encryption

• Intel to start shipping a quantum processor | Ars Technica

• Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)

API

• Why API Security Could Be the Next Big Thing in Cyber - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

• Cloud-native security hinges on open source - Help Net Security

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Majority of Users Neglect Best Password Practices: Keeper Security - Infosecurity Magazine (infosecurity-magazine.com)

• Forging a Path to Account Takeover: Copy Password Reset Link Vulnerability worth $$$$. | by Manav Bankatwala | Jun, 2023 | InfoSec Write-ups (infosecwriteups.com)

• The future of passwords and authentication - Help Net Security

• These are the most hacked passwords. Is yours on the list? | ZDNET

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

Social Media

• Influencers in firing line as France tackles scams - BBC News

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

Training, Education and Awareness

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

• Security Training Needs to Nudge, Not Nag - Infosecurity Magazine (infosecurity-magazine.com)

Digital Transformation

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

Models, Frameworks and Standards

• The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security

• What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget

Secure Disposal

• SSD missing from SAP datacenter turns up on eBay • The Register

Data Protection

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• 8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online

• UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• The Quintessential Toolkit: Five Essential Skills For Advancing In The Cyber security Realm (informationsecuritybuzz.com)

• Cyber security Industry Still Fighting to Recruit and Retain Talent - Infosecurity Magazine (infosecurity-magazine.com)

• It’s Time to Think Creatively to Combat Skills Shortages - Infosecurity Magazine (infosecurity-magazine.com)

• Google announces $20 million investment for cyber clinics | CyberScoop

Law Enforcement Action and Take Downs

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

Privacy, Surveillance and Mass Monitoring

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)

• A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• UK Pledges Millions in Cyber-Defence Aid to Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• Russia sent its reserve team to wipe Ukrainian hard drives • The Register

• Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)

• Strategies for staying ahead of modern cyber warfare - CyberTalk

• German intelligence services point to increased hybrid security threats – EURACTIV.com

Nation State Actors

• Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert

• US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek

• Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat - SecurityWeek

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)

• US Cyber Ambassador says China can win on AI, cloud • The Register

• Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

• State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments (thehackernews.com)

• The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)

• RedEyes Group Targets Individuals with Wiretapping Malware - Infosecurity Magazine (infosecurity-magazine.com)

• US Justice Department Launches New National Security Cyber Section - Infosecurity Magazine (infosecurity-magazine.com)

• China-sponsored APT group targets government ministries in the Americas | CSO Online

• Chinese malware accidentally infects networked storage • The Register

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

Vulnerability Management

• Guess what happened to this US agency that didn't patch? • The Register

• EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Vulnerabilities

• VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)

• Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)

• Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari (thehackernews.com)

• Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)

• Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek

• Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek

• SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)

• VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)

• Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget

• ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)

• Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• A (cautionary) tale of two patched bugs, both under exploit • The Register

• Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)

• Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)

• Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)

Tools and Controls

• Getting Over the DNS Security Awareness Gap (darkreading.com)

• Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN

• The future of passwords and authentication - Help Net Security

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• Security investments that help companies navigate the macroeconomic climate - Help Net Security

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Reports Published in the Last Week

• Proofpoint’s 2023 Human Factor Report: Threat Actors Scale and Commoditise Uncommon Tools and Techniques | Proofpoint UK

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

• The Threat Report: June 2023 | Trellix

• Navigating The Cyber Threat Landscape: Key Insights From Trellix ARC's Q1 2023 Report (informationsecuritybuzz.com)

Other News

• Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)

• ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber attack, warn campaigners | Cyber crime | The Guardian

• Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek

• Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)

• Why CISOs should be concerned about space-based attacks | CSO Online

• Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK

• 6 Attack Surfaces You Must Protect (darkreading.com)

• GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.