Executive Summary

Following on from a security incident in November 2022, GoTo, a remote access and communications software provider who also own LastPass, has announced that a threat actor exfiltrated encrypted backups from a third-party cloud storage service, along with an encryption key which allowed access to a “portion” of these encrypted backup files.

What’s the risk to me or my business?

According to GoTo, the products impacted are “Central, Pro, join.me, Hamachi, and RemotelyAnywhere”. GoTo later explain that the affected information varies depending on the product and may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings and some licensing information and product settings. In addition to this, whilst GoToMyPC and Rescue were not exfiltrated, MFA settings of a small subset of their customers were impacted.

What can I do?

As a precaution we would recommend that users change their password of affected accounts and ensure that multi-factor authentication is enabled all accounts where available.

GoTo have been resetting passwords and re-authorising MFA settings of affected users. The users have then been migrated onto an “enhanced Identity Management Platform” to provide additional security with authentication and login-based security options.

Further information on this security incident be found here: https://www.goto.com/blog/our-response-to-a-recent-security-incident

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Supply Chain Attacks Caused More Data Compromises Than Malware

According to the Identity Theft Resource Center, data compromises steadily increased in the second half of 2022 and cyber attacks remained the primary source of data breaches.

The number of data breaches resulting from supply chain attacks exceeded malware related compromises in 2022 by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyber attacks affected 4.3 million people.

https://www.helpnetsecurity.com/2023/01/26/data-compromises-2022/

• What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks

According to the United States’ FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses.

Small and medium-sized businesses (SMBs) are especially vulnerable to this form of attack and BEC’s contribution to annual cyber losses not only makes sense but is also likely underreported.

In stark contrast to highly disruptive ransomware attacks, BEC is subversive and is neither technically complicated nor expensive to deploy. In the case of large organisations, the financial fallout of BEC is almost negligible. That’s not the case for small and medium-sized businesses, which often lack the means to absorb similar financial losses.

BEC’s simplicity gives more credence for attackers to target smaller organisations, and because of that, it’s doubly essential for SMBs to be vigilant.

https://www.helpnetsecurity.com/2023/01/25/what-makes-small-medium-sized-businesses-vulnerable-bec-attacks-video/

• Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems

It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organisations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritisation.

Attack surfaces constantly evolve and change as new applications are developed, old systems are decommissioned, and new assets are registered. Also, more and more organisations are moving towards cloud-hosted infrastructure, which changes the risk and responsibility for securing those assets. Therefore, it is essential to carry out continuous or regular assessments to understand what systems are at risk, instead of just taking a point-in-time snapshot of how the attack surface looks at that moment.

The first step would be to map “traditional” asset types – those easily associated with an organisation and easy to monitor, such as domains and IP addresses. Ownership of these assets can be easily identified through available information (e.g., WHOIS data). The less traditional asset types (such as GitHub repositories) aren’t directly owned by the organisation but can also provide high-value targets or information for attackers.

It’s also important to understand which technologies are in use to make sound judgements based on the vulnerabilities relevant to the organisation. For example, out of one hundred vulnerabilities released within one month only 20% might affect the organisation’s technologies.

Once organisations have a good understanding of which assets might be at risk, context and prioritisation can be applied to the vulnerabilities affecting those assets. Threat intelligence can be utilised to determine which vulnerabilities are already being exploited in the wild.

What is then the correct answer for this conundrum? The answer is that there is no answer! Instead, organisations should consider a mindset shift and look towards preventing issues whilst adopting a defence-in-depth approach; focus on minimising impact and risk by prioritising assets that matter the most and reducing time spent on addressing those that don’t. This can be achieved by understanding your organisation’s attack surface and prioritising issues based on context and relevance.

https://www.helpnetsecurity.com/2023/01/24/understanding-your-attack-surface/

• Cyber Security Pros Sound Alarm Over Insider Threats

Gurucul, a security information and event management (SIEM) solution provider, and Cyber security Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.

Among all potential insiders, cyber security professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).

The research also found that more than half of organisations in the study had been victimised by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.

https://www.msspalert.com/cybersecurity-research/research-report-cybersecurity-pros-sound-alarm-over-insider-threats/

• Ransomware Attack Hit KFC and Pizza Hut Stores in the UK

Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers. However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.

What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system. Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.

https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-hit-kfc-and-pizza-hut-stores-in-the-uk/

• Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security

Under rules first proposed in 2022 but expected to be finalised as soon as April 2023, publicly traded companies in the US that determine a cyber incident has become “material”, meaning it could have a significant impact on the business, must disclose details to the SEC and investors within four business days. That requirement would also apply “when a series of previously undisclosed, individually immaterial cyber security incidents has become material in the aggregate.

The SEC’s rules will also require the boards of those companies to disclose significant information on their security governance, such as how and when it exercises oversight on cyber risks. That info includes identifying who on the board (or which subcommittee) is responsible for cyber security and their relevant expertise. Required disclosures will also include how often and by which processes board members are informed and discuss cyber risk. The former cyber adviser to the SEC commented that “The problem we have with the current cyber security ecosystem is that it’s very focused on technical mitigation measures and does not contemplate these business, operational, [or] financial factors.”

Whilst this only impacts US firms, we can expect other jurisdictions to follow suit.

https://www.itbrew.com/stories/2023/01/20/forthcoming-sec-rules-will-trigger-tectonic-shift-in-how-corporate-boards-treat-cybersecurity

• Why CISOs Make Great Board Members

Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. The past three years created a perfect storm situation with lasting consequences for how we think about cyber security, and as a result cyber security technologies and teams have shifted from being viewed as a cost centre to a business enabler.

Gartner predicts that by 2025, 40% of companies will have a dedicated cyber security committee. Who is better suited than a CISO to lead that conversation? Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organisation’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.

Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the trade-offs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.

https://www.securityweek.com/why-cisos-make-great-board-members/

• View From Davos: The Changing Economics of Cyber Crime

Cyber crime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetisation of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.

The motive for cyber crime is clear: to steal money, but the digital nature of cyber crime makes the opportunity uniquely attractive, due to the following:

·       Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of financial regulators or inspection

·       There isn't enough fear of getting caught for cyber crime.

·       With the explosion in spending on digital transformation, data is the new gold and it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data-at-rest and in-transit or limiting access to only authorised users.

·       Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivising further crime, as noted by the FBI.

Fighting cyber crime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioural, and economic elements necessary to manage the reality of ever-growing cyber crime as a predictable and manageable cyber risk.

https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime

• Cloud Based Networks Under Increasing Attack, Report Finds

As enterprises around the world continue to move to the cloud, cyber criminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyber attacks on cloud-based networks, and it comes at a time when 98 percent of global organisations use cloud services, according to Check Point. The increases in cyber attacks were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent) according to a report by Checkpoint last week.

Check Point explained that "The rise in attacks on the cloud was driven both by an overall increase in cyber attacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact,". Later, Checkpoint highlighted that human error is a significant factor in the vulnerability of cloud-based networks.

The report highlighted the need for defence capabilities in the cloud to improve. According to Check Point, this means adopting zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as an intrusion detection and prevention systems and next-generation web application firewalls. As  commented by Check Point “it is still up to the network and security admins to make sure all their infrastructure is not vulnerable.

https://www.theregister.com/2023/01/20/cloud_networks_under_attack/

• GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key

On 2022-11-30, GoTo informed customers that it had suffered “a security incident”, summarising the situation as follows:

“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”

Two months later, GoTo has come back with an update, and the news isn’t great:

“[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”

The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.

https://nakedsecurity.sophos.com/2023/01/25/goto-admits-customer-cloud-backups-stolen-together-with-decryption-key/

• State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns

Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.

Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.

https://www.theguardian.com/technology/2023/jan/26/state-linked-hackers-in-russia-and-iran-are-targeting-uk-groups-ncsc-warns

• 3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale

A member of a hacker forum going by the name IntelBroker, has offered a database allegedly containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor, the data in question includes personally identifying information such as name, address and Honors IDs. According to the Hilton Hotel, no guest login credentials, contacts, or financial information have been leaked.

https://informationsecuritybuzz.com/3-7-millions-customers-data-hilton-hotel-up-for-sale/

Threats

Ransomware, Extortion and Destructive Attacks

• Rebranded Ransomware Crews Spike Number of Hijacking Incidents in Q4 2022 - MSSP Alert

• The Unrelenting Menace of the LockBit Ransomware Gang | WIRED

• Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)

• FBI hacked into Hive ransomware gang, disrupted operations | TechTarget

• "Workarounds" Helped Royal Mail Resume Shipping After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware victims are refusing to pay, tanking attackers’ profits | Ars Technica

• Vice Society Ransomware Group Targets Manufacturing Companies (trendmicro.com)

• New Mimic ransomware abuses ‘Everything’ Windows search tool (bleepingcomputer.com)

• BlackCat Ransomware gang stole secret military data from industrial explosives manufacturer - Security Affairs

• Contractor error led to Baltimore schools ransomware attack | TechTarget

• LAUSD says Vice Society ransomware gang stole contractors’ SSNs (bleepingcomputer.com)

• Riot Games receives ransom demand from hackers, refuses to pay (bleepingcomputer.com)

Phishing & Email Based Attacks

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• ChatGPT is a bigger threat to cyber security than most realize - Help Net Security

• Phishers Use Blank Images to Disguise Malicious Attachments - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers often use this clever trick to take you to phishing sites — can you spot it? | Tom's Guide (tomsguide.com)

• Yahoo Most Faked Brand Name in Phishing Attempts by Threat Actors in Q4 2022 - MSSP Alert

• Yahoo Overtakes DHL As Most Impersonated Brand in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT could boost phishing scams | TechTarget

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)

• Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)

BEC – Business Email Compromise

• What makes small and medium-sized businesses vulnerable to BEC attacks - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social Engineering Tactics are Changing. Awareness Training Must Change Too.| CSA (cloudsecurityalliance.org)

Malware                                                                                   

• BlackBerry: Threat Actors Launch A Unique Malware Sample Every Minute - MSSP Alert

• Linux malware hit a new high in 2022 | TechRadar

• Phishers Use Blank Images to Disguise Malicious Attachments - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable - MSSP Alert

• New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)

• ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn (darkreading.com)

• Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)

• ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)

• Microsoft plans to kill malware delivery via Excel XLL add-ins (bleepingcomputer.com)

• Hackers use Golang source code interpreter to evade detection (bleepingcomputer.com)

• Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit - Infosecurity Magazine (infosecurity-magazine.com)

• Emotet Malware Makes a Comeback with New Evasion Techniques (thehackernews.com)

• 'DragonSpark' Malware: East Asian Cyber Attackers Create an OSS Frankenstein (darkreading.com)

• Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)

• ‘DragonSpark’ threat actor leverages open-source RAT, other Chinese-language tools | SC Media (scmagazine.com)

Mobile

• Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)

• New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)

• Pair of Galaxy App Store Bugs Offer Cyber Attackers Mobile Device Access (darkreading.com)

• Google to phase out legacy apps with Android 14 to improve security - GSMArena.com news

Botnets

• How Does a Botnet Attack Work? - Cyber Defense Magazine

Denial of Service/DoS/DDOS

• Why a hybrid approach can help mitigate DDoS attacks | SC Media

• Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)

Internet of Things – IoT

• Nice smart device – how long does it get software updates? • The Register

• Why British homes are at risk from ‘Trojan Horse’ smart devices (telegraph.co.uk)

• Why most IoT cyber security strategies give zero hope for zero trust - Help Net Security

Data Breaches/Leaks

• Companies impacted by Mailchimp breach warn their customers - Security Affairs

• LastPass owner GoTo says hackers stole customers’ backups | TechCrunch

• GoTo admits: Customer cloud backups stolen together with decryption key – Naked Security (sophos.com)

• GoTo warns customers of crypto key and backup heist • The Register

• 3.7 Million Customers Data Of Hilton Hotels Put Up For Sale (informationsecuritybuzz.com)

• QUT confirms personal data of thousands of staff compromised in cyber attack - ABC News

• Riot Games hacked, now it faces problems to release content - Security Affairs

• ICE releases asylum seekers after exposing their data • The Register

• Hacker Gets Hands on No-Fly List of Alleged Terrorist Suspects (gizmodo.com)

• Risk & Repeat: Breaking down the LastPass breach | TechTarget

• After data breach put their lives at risk, US releases 3000 immigrants seeking asylum (bitdefender.com)

• TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments (darkreading.com)

• T-Mobile Cyber Attack Spurs Law Firm Investigation - MSSP Alert

• Risk & Repeat: Another T-Mobile data breach disclosed | TechTarget

• Entire US "No Fly List" Exposed Online Via Unsecured Server (informationsecuritybuzz.com)

• Near-Record Year for US Data Breaches in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Zacks data breach impacted hundreds of thousands of customers - Security Affairs

• French rugby club Stade Français leaks source code - Security Affairs

Organised Crime & Criminal Actors

• View from Davos: The Changing Economics of Cyber crime (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)

• FBI Confirms Lazarus Group Was Behind $100m Harmony Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt

Insider Risk and Insider Threats

• Research Report: Cyber Security Pros Sound Alarm Over Insider Threats - MSSP Alert

• Hunting Insider Threats on the Dark Web (darkreading.com)

Fraud, Scams & Financial Crime

• Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)

• P-to-P fraud most concerning cyber threat in 2023: CSI | CSO Online

• Lloyds Bank Warns of 80% Surge in Advance Fee Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Posts Advertising Counterfeit Cash Surge 90% - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt

Insurance

• Regulator Stress Test Highlights Cyber Insurance Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 4 tips to find cyber insurance coverage in 2023 | TechTarget

• Insurers in talks on adding state-backed cyber to UK reinsurance scheme | Financial Times (ft.com)

• Cyber Security Posture & Insurance Outlook with Advisen (trendmicro.com)

Dark Web

• Hunting Insider Threats on the Dark Web (darkreading.com)

• Dark Web Posts Advertising Counterfeit Cash Surge 90% - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Attacking The Supply Chain: Developer (trendmicro.com)

Cloud/SaaS

• Report: Cloud-based networks under growing attack • The Register

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts (darkreading.com)

Attack Surface Management

• Understanding your attack surface makes it easier to prioritize technologies and systems - Help Net Security

Encryption

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

API

• 9 API security tools on the frontlines of cyber security | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• Popular password managers auto-filled credentials on untrusted websites | The Daily Swig (portswigger.net)

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

• Password Dependency: How to Break the Cycle - SecurityWeek

Social Media

• The metaverse brings a new breed of threats to challenge privacy and security gatekeepers | CSO Online

Malvertising

• Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)

• Ad Fraud Scheme Tops 12 Billion Daily Bid Requests - Infosecurity Magazine (infosecurity-magazine.com)

• Google Ads invites being abused to push spam, adult sites (bleepingcomputer.com)

• Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)

• Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (thehackernews.com)

Training, Education and Awareness

• Social Engineering Tactics are Changing. Awareness Training Must Too.| CSA (cloudsecurityalliance.org)

Regulations, Fines and Legislation

• Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register

Governance, Risk and Compliance

• Forthcoming SEC rules will trigger ‘tectonic shift’ in how corporate boards treat cyber security (itbrew.com)

• Just Half of Firms Have Sufficient Cyber Security Budget - Infosecurity Magazine (infosecurity-magazine.com)

• View from Davos: The Changing Economics of Cyber Crime (darkreading.com)

• Why CISOs Make Great Board Members - SecurityWeek

• Awareness Training Must Change | CSA (cloudsecurityalliance.org)

• Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)

• Organisations Must Brace for Privacy Impacts This Year (darkreading.com)

• The Business Imperative of Cyber Information Sharing for Our Collective Defence | World Economic Forum (weforum.org)

Data Protection

• Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register

• ICO Offers Data Protection Advice to SMBs - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Why CISOs Make Great Board Members - SecurityWeek

• Davos Debrief: Critical Shortage of Cyber Security Talent Requires Action on Several Fronts, CompTIA Executive Says (darkreading.com)

• Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)

• 8 cyber security roles to consider | TechTarget

• How To Safeguard Your Business From Cyber Security Stress And Prevent IT Burnout (informationsecuritybuzz.com)

• Can't Fill Open Positions? Rewrite Your Minimum Requirements (darkreading.com)

• Veterans bring high-value, real-life experience as potential cyber security employees | CSO Online

• US is Short Nearly 530,000 Skilled Cyber Security Workers, IT Layoffs Not Slowing Demand - MSSP Alert

• Dozens of Cyber Security Companies Announced Layoffs in Past Year - SecurityWeek

Law Enforcement Action and Take Downs

• FBI hacked into Hive ransomware gang, disrupted operations | TechTarget

• Dutchman Detained for Dealing Details of Tens of Millions of People (darkreading.com)

• Dutch suspect locked up for alleged personal data megathefts – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Organisations Must Brace for Privacy Impacts This Year (darkreading.com)

• The metaverse brings a new breed of threats to challenge privacy and security gatekeepers | CSO Online

• Scientists use Wi-Fi routers to see humans through walls | ZDNET

• Most consumers would share anonymised personal data to improve AI products - Help Net Security

Artificial Intelligence

• ChatGPT is a bigger threat to cyber security than most realize - Help Net Security

• Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek

• Rogue AI ‘could kill everyone’ | News | The Times

• ChatGPT could boost phishing scams | TechTarget

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

• ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)

• Chat Cyber Security: AI Promises a Lot, but Can It Deliver? (darkreading.com)

Misinformation, Disinformation and Propaganda

• Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• Armis State of Cyberwarfare and Trends Report - IT Security Guru

• North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyber Attacks (thehackernews.com)

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

• “Pegasus” lifts the lid on a sophisticated piece of spyware | The Economist

• North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked TA444 turns to credential harvesting activity - Security Affairs

Nation State Actors

Nation State Actors – Russia

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

• Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)

• Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)

Nation State Actors – China

• Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)

• FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com

Nation State Actors – North Korea

• North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyber Attacks (thehackernews.com)

• FBI Confirms Lazarus Group Was Behind $100m Harmony Hack - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked TA444 turns to credential harvesting activity - Security Affairs

Nation State Actors – Iran

• State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian

• UK authorities warn of phishing from Iran, Russia • The Register

• SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK

Vulnerability Management

• Extent of reported CVEs overwhelms critical infrastructure asset owners - Help Net Security

• Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium (thehackernews.com)

• Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)

• Trained developers get rid of more vulnerabilities than code scanning tools - Help Net Security

• New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch  - SecurityWeek

• Halo Security unveils KEV feature to improve attack surface visibility - Help Net Security

Vulnerabilities

• Crims can still exploit this NSA-discovered Microsoft bug • The Register

• 75k WordPress sites impacted by critical online course plugin flaws (bleepingcomputer.com)

• Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium (thehackernews.com)

• Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)

• Chrome 109 update addresses six security vulnerabilities - Security Affairs

• Microsoft urges admins to patch on-premises Exchange servers (bleepingcomputer.com)

• Drupal Patches Vulnerabilities Leading to Information Disclosure | SecurityWeek.Com

• Critical Vulnerabilities Patched in OpenText Enterprise Content Management System | SecurityWeek.Com

• Around 19,500 end-of-life Cisco routers exposed to hack - Security Affairs

• In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences | SecurityWeek.Com

• Apple patches are out – old iPhones get an old zero-day fix at last! – Naked Security (sophos.com)

• Apple Patches WebKit Code Execution in iPhones, MacBooks - SecurityWeek

• VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities (thehackernews.com)

• Crooks are already exploiting this bug in old iPhones • The Register

• Logfile nightmare deepens thanks to critical VMware flaws • The Register

• Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)

• Realtek SDK flaw CVE-2021-35394 actively exploited in the wild- Security Affairs

• Lexmark warns of RCE bug affecting 100 printer models, PoC released (bleepingcomputer.com)

• Crims can still exploit this NSA-discovered Microsoft bug • The Register

Tools and Controls

• Is Once-Yearly Pen Testing Enough for Your Organisation? (thehackernews.com)

• Just Half of Firms Have Sufficient Cyber Security Budget - Infosecurity Magazine (infosecurity-magazine.com)

• LastPass owner GoTo says hackers stole customers’ backups | TechCrunch

• Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)

• Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)

• Understanding your attack surface makes it easier to prioritize technologies and systems - Help Net Security

• Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)

• Federal Agencies Infested by Cyber Attackers via Legit Remote Management Systems (darkreading.com)

• Why a hybrid approach can help mitigate DDoS attacks | SC Media

• CISA Warns Against Malicious Use of Legitimate RMM Software - Infosecurity Magazine (infosecurity-magazine.com)

• Gartner Predicts 10% of Large Enterprises Will Have a Mature and Measurable Zero-Trust Program in Place by 2026 (darkreading.com)

• Steps To Planning And Implementation Of Endpoint Protection (informationsecuritybuzz.com)

Other News

• Hackers can make computers destroy their own chips with electricity | New Scientist

• Scientists use Wi-Fi routers to see humans through walls | ZDNET

• Microsoft 365 outage takes down Teams, Exchange Online, Outlook (bleepingcomputer.com)

• Lessons Learned from the Windows Remote Desktop Honeypot Report (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.