Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment

According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.

Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.

Sources: [ITPro] [Emerging Risks Media Ltd]

Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions

Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.

The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.

Sources: [CIR Magazine] [Gartner]

Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies

Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.

So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.

Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.

Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]

81% of Companies had Malware, Phishing and Password Attacks in 2023

According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.

Source: [Security Magazine]

Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors

According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.

Sources: [Washington Times] [SiliconANGLE]

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.

The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.

Sources: [NSA] [Dark Reading] [The Register]

Why Cyber Security Is a Competitive Advantage: Reaching Digital Success

In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.

However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.

Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.

Source: [Forbes]

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.

Source: [Hacker News]

66% of Employees Prioritise Daily Tasks Over Cyber Security

According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.

The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.

Source: [Security Magazine]

Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days

Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.

Source: [Security Week]

Who Is Responsible for Cyber Security? You.

Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.

Source: [Forbes]

Many Popular Websites Still Cling to Password Creation Policies From 1985

Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.

The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.

Source: [Help Net Security]

Governance, Risk and Compliance

• Who Is Responsible For Cyber Security? You. (forbes.com)

• How C-Level Executives Can Increase Cyber Resilience (forbes.com)

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast

• 7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert

• Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal

• Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)

Threats

Ransomware, Extortion and Destructive Attacks

• UK ransomware attack could bring country to a "standstill" as scathing report calls for greater security investment | ITPro

• UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)

• Ransomware Surge is Driving UK Inflation, Says Veeam - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)

• CNI 'vulnerable to ransomware' | Professional Security

• Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• The end of ransomware payments: how businesses fit into the fight | ITPro

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

• US reveals email addresses used to send ransomware demands • The Register

• Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)

Ransomware Victims

• Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE

• Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)

• US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack | TechCrunch

• Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)

• BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)

• Nissan dealerships in ANZ crippled by cyber attack - Drive

Phishing & Email Based Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• 39% of security leaders cite phishing as most feared cyber attack | Security Magazine

• Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET

• Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)

• Google Forms Used in Call-Back Phishing Scam | Tripwire

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US reveals email addresses used to send ransomware demands • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Artificial Intelligence

• SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• AI in 2024: More business use, more fraud risks | Premium | Compliance Week

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)

• Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra

• Responsibly Implementing AI, the Unstoppable Force (darkreading.com)

• How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)

• Israel's AI can produce 100 bombing targets a day in Gaza. Is this the future of war? (theconversation.com)

Malware

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)

• Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

• Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)

• Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security

• How criminals disguise URLs | Kaspersky official blog

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

• Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)

Mobile

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• Apple Testing New Stolen Device Protection Feature for iPhones - Security Week

• Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - Help Net Security

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Websites down as Newsquest hit by cyber attack - Journalism News from HoldtheFrontPage

Internet of Things – IoT

• How Cyber Security Can Build Consumer Trust In Self-Driving Vehicles (forbes.com)

Data Breaches/Leaks

• Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)

• UK Ministry of Defence Fined For Afghan Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• DNA companies should receive severe penalties for losing our data | TechCrunch

• Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)

• US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)

• Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)

• 2.5m people's data lost in Norton hospital ransomware hit • The Register

• Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)

• Toyota Financial Services discloses data breach (securityaffairs.com)

• US Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak - Security Week

• DonorView exposes 1M records for unknown time frame • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Organised Crime & Criminal Actors

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)

• Interpol strikes slavers who force people to scam you online • The Register

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE

• Dark web forums reveal next year’s cyber security threats - Digital Journal

• Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)

• How cyber criminals are using Wyoming shell companies for global hacks | Reuters

• Exploitation of the internet and the mind: How cyber criminals operate | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg

• Ledger says attacker conducted phishing attack on former employee - Blockworks

Insider Risk and Insider Threats

• 66% of employees prioritize daily tasks over cyber security | Security Magazine

• Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)

• Prison for man who wiped bank's data after being fired for accessing porn in the office (bitdefender.com)

• Employees are weaponizing private emails with colleagues | Fortune

Insurance

• Making Cyber Insurance Available for Small Biz, Contractors (darkreading.com)

Supply Chain and Third Parties

• Gartner Survey Finds 45% of Organisations Experienced Third Party-Related Business Interruptions During the Past Two Years

• UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)

• Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)

Cloud/SaaS

• Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)

• SAP's attempt to migrate security tools to cloud failed • The Register

• Cloud engineer wreaks havoc on bank's network after firing • The Register

Linux and Open Source

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Almost 90 percent say they're prepared for password-based attacks -- but half still fall for them (betanews.com)

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• Many popular websites still cling to password creation policies from 1985 - Help Net Security

Social Media

• How a social engineering hack turned these Facebook pages into a dumping ground for spam (engadget.com)

Regulations, Fines and Legislation

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• How European countries are implementing new cyber security framework – EURACTIV.com

• Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure  - Security Week

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch

• Government plans to regulate to tackle datacentre threats | Computer Weekly

• eIDAS: EU’s internet reforms will undermine a decade of advances in online security - Help Net Security

Models, Frameworks and Standards

• MITRE Launches Critical Infrastructure Threat Model Framework - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• UK IT staff working nearly as much overtime as law enforcement | ITPro

• Getting Into Cyber Security: A Guide for IT Security Careers | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Law Enforcement Action and Take Downs

• Cloud engineer wreaks havoc on bank's network after firing • The Register

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• International justice – France offers support to the International Criminal Court to step up cyber security (12 Dec. 2023) - Ministry for Europe and Foreign Affairs (diplomatie.gouv.fr)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Nation State Actors

• What CISOs Need to Know About Nation State Actors (informationweek.com)

China

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• China's Cyber Attacks Target US Infrastructure In Preparation For Potential Conflict: Report - Benzinga

• Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)

• China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post

• CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop

• Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet  - Security Week

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• China warns its geographic data breach puts industry at risk (techinformed.com)

Russia

• Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)

• Ukraine’s Largest Phone Operator Hacked in “Act of War” - Infosecurity Magazine (infosecurity-magazine.com)

• 24 million Kyivstar users urged to change all passwords due to cyber attack / The New Voice of Ukraine (nv.ua)

• Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter - Infosecurity Magazine (infosecurity-magazine.com)

• UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)

• NCSC warning on Russian targeting | Professional Security

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation

• MI6 chief thanks Russian state television for its 'help' in encouraging Russians to spy for the UK | AP News

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• User activity showed greater increase in traffic on 3G network compared to 4G (LTE) network / The New Voice of Ukraine (nv.ua)

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Iran

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

North Korea

• Stronger action against North Korean cyber threats pushed by US, South Korea, Japan | SC Media (scmagazine.com)

• Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Cyber Attack Disrupts TV Services Across UAE, AI Anchor Broadcasts Graphic Content from Gaza | Metaverse Post (mpost.io)

Vulnerability Management

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Over 30% of Log4J apps use a vulnerable version of the library (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

Vulnerabilities

• Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)

• New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• SAP Security Patch Day December 2023 | SAP Blogs

• Adobe Releases Security Updates for Multiple Products | CISA

• Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week

• 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)

Tools and Controls

• Attacks abuse Microsoft DHCP to spoof DNS records • The Register

• Balancing AI advantages and risks in cyber security strategies - Help Net Security

• What is Cyber security threat intelligence sharing (att.com)

• The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)

• Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)

• Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Are business cyber security measures really fit for purpose? - Digital Journal

• New Microsoft Incident Response team guide shares best practices for security teams and leaders | Microsoft Security Blog

• Which cyber security controls are organisations struggling with? - Help Net Security

Other News

• UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Sellafield nuclear plant: I pray fears of a leak at the site are being taken seriously | The Independent

• Is macOS as secure as its users think? | Kaspersky official blog

• The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)

• Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)

• My home, my castle: Only 1 in 6 Brits are concerned about cyberthreats at home – PCR (pcr-online.biz)

• NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly

• Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)

• Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Polish train maker denies claims it geofenced trains • The Register

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Cyber criminals continue targeting open remote access products - Help Net Security

• Threat actors misuse OAuth applications to automate financially driven attacks | Microsoft Security Blog

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

• Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

• 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

• UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

• Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

• An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

• Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

• Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

• Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

• Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

• Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

• PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

• Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

• Bitcoin-demanding cyber criminals use bug from 2021 to initiate global ransomware attack  | TechCrunch

• UK second most targeted nation behind America for Ransomware - IT Security Guru

• Hackers who breached ION say ransom paid; company declines comment | Reuters

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)

• Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)

• Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

• Nevada Ransomware has released upgraded locker - Help Net Security

• Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs

• Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online

• Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• New Linux variant of Clop Ransomware uses a flawed encryption-security affairs

• After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop

• Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)

• Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools (darkreading.com)

• Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley

• MKS Instruments falls victim to ransomware attack | CSO Online

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop

Phishing & Email Based Attacks

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert

• An email attack can end up costing you over $1 million - Help Net Security

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• 'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

BEC – Business Email Compromise

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

Malware

• Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)

• Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)

• GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)

• Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)

• New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

• Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)

Mobile

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• Android phones from Chinese vendors share private data • The Register

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDOS

• Passion botnet cyber  Attacks hit healthcare, as actors offer threat as DDoS-as-a-service  | SC Media (scmagazine.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

Internet of Things – IoT

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)

• Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Breaches/Leaks

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)

• 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek

• US Cyber Ambassador's Twitter account hacked • The Register

• Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Reddit reveals security incident • The Register

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)

Organised Crime & Criminal Actors

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek

• Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security

• Australian Man Sentenced for Scam Related to Optus Hack  - SecurityWeek

• Bungling Optus scammer was no criminal mastermind • Graham Cluley

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Avraham Eisenberg in court accused of crypto exchange crash • The Register

• Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)

• Scammers steal $4 million in crypto during in-person meeting • The Register

• Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)

Insider Risk and Insider Threats

• Another RAC staffer nabbed for sharing road accident data • The Register

• Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Fraud, Scams & Financial Crime

• PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (darkreading.com)

• As V-Day nears: Romance scams cost victims $1.3B last year • The Register

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• Father killed himself after falling victim to romance scam | News | The Times

• 'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for | Cyber crime | The Guardian

• Criminals use Telegram to recruit 'walkers' as America's big banks see an 84% increase in check fraud (cnbc.com)

• 5 Financial Scams To Watch Out For In 2023 (cnbc.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• Banks leave doors open for scammers with flaws in online security | This is Money

• Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Impersonation Attacks

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online

AML/CFT/Sanctions

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

Insurance

• Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)

• Cyber Insurance, A Must-Have for Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• How to Optimise Your Cyber Insurance Coverage (darkreading.com)

Dark Web

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Have we learnt nothing from SolarWinds supply chain attacks? • The Register

• Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek

Software Supply Chain

• Security pros say third parties are increasingly the cause of cyber security incidents | SC Media (scmagazine.com)

Cloud/SaaS

• How the Cloud Is Shifting CISO Priorities (darkreading.com)

• Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)

• Amazon S3 to apply security best practices for all new buckets - Help Net Security

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• 7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)

Hybrid/Remote Working

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Predictions For Securing Today's Hybrid Workforce (darkreading.com)

Identity and Access Management

• 4 identity predictions for 2023 | TechTarget

Encryption

• It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

API

• 10 API Security Best Practices To Protect Your Organisation (informationsecuritybuzz.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

Biometrics

• Novel face swaps emerge as a major threat to biometric security - Help Net Security

Social Media

• Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Malvertising

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

Training, Education and Awareness

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

• Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)

Parental Controls and Child Safety

• It’s never too early to chat to your kids about online safety | Sarah Ayoub | The Guardian

Regulations, Fines and Legislation

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Prioritising Cyber security Regulation Harmonisation (darkreading.com)

Governance, Risk and Compliance

• Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• The dangers of unsupported applications - Help Net Security

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Trends that impact on organisations' 2023 security priorities - Help Net Security

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)

• Surge of swatting attacks targets corporate executives and board members | CSO Online

• Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Models, Frameworks and Standards

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Protection

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• European Police Arrest 42 After Cracking Covert App - SecurityWeek

• Eurocops shut down Exclu encrypted messaging app • The Register

• Vastaamo hacking suspect arrested in France | TechTarget

• Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

Artificial Intelligence

• Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber  Attacks? Here are Some Clues - MSSP Alert

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security

• Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

• Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)

• Generative AI: A benefit and a hazard - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Google's Bard AI bot mistake wipes $100bn off shares - BBC News

• $120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)

• Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• What is hybrid warfare? Inside the centre dealing with modern threats - BBC News

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB's warrantless surveillance-security affairs

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek

• US teases new China tech sanctions to deflate balloon-makers • The Register

Nation State Actors

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek

• US Downs Chinese Balloon Off Carolina Coast - SecurityWeek

• How did the US successfully shoot down China's 'spy balloon' with a single missile - and what was on it? | US News | Sky News

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Android phones from Chinese vendors share private data • The Register

• US sources insist Chinese balloon was military - BBC News

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• SNP MP Stewart McDonald's emails hacked by Russian group - BBC News

• Australia to remove Chinese surveillance cameras amid security fears - BBC News

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek

• Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Downed balloon one of a ‘fleet’ of Chinese surveillance devices, US alleges | Surveillance | The Guardian

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

• NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (thehackernews.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

• US teases new China tech sanctions to deflate balloon-makers • The Register

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop

Vulnerability Management

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online

• The dangers of unsupported applications - Help Net Security

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• How to fix the top 5 cyber security vulnerabilities | TechTarget

• 20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)

Vulnerabilities

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek

• Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)

• Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs

• Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)

• GoAnywhere MFT zero-day flaw actively exploited-security affairs

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs

• Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online

• Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)

• Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)

• OpenSSL Ships Patch for High-Severity Flaws - SecurityWeek

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)

• SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)

• Chrome 110 Patches 15 Vulnerabilities - SecurityWeek

• OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Tools and Controls

• Growing number of endpoint security tools overwhelm users, leaving devices unprotected | CSO Online

• Poor Endpoint Device Management Trigger Cyber  Attacks, New Report Finds - MSSP Alert

• Implementing Digital Rights Management Systems to Safeguard Against Unauthorised Access Of Protected Content (informationsecuritybuzz.com)

• Endpoint security getting easier, but most organisations lack tool consolidation - Help Net Security

Other News

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)

• Surge of swatting a attacks targets corporate executives and board members | CSO Online

• Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief

The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.

Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn. 

But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.” 

Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.

https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d

Your Business Should Compensate for Modern Ransomware Capabilities Right Now

The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?

Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.

The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).

While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.

https://venturebeat.com/security/your-business-should-compensate-for-modern-ransomware-capabilities-right-now/

• Reported Phishing Attacks Have Quintupled

In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.

Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.

Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.

In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.

Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.

https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/

• Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group

Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.

According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.

Key takeaways from the study:

• Ransomware attacks rose by 41% in November.

• Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.

• Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.

• Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)

• DDoS attacks continue to increase.

Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.

Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.

https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/

• Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.

But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.

Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.

However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.

Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.

The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.

https://www.darkreading.com/application-security/videoconferencing-worries-grow-with-smbs-in-cyberattack-crosshairs

• Will the Crypto Crash Impact Cyber Security in 2023? Maybe.

With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?

Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.

Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.

Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.

The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.

Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.

https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe

• The Worst Hacks of 2022

The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.

With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.

Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.

Russia Hacking Ukraine

For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.

Twilio and the 0ktapus Phishing Spree

Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.

Ransomware Still Hitting the Most Vulnerable Targets

In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.

The Lapsus$ Rampage Continues

The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.

LastPass

The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.

Vanuatu

At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.

Honourable Mention: Twitter-Related Bedlam

Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.

https://www.wired.com/story/worst-hacks-2022/

• Geopolitical Tensions Expected to Further Impact Cyber Security in 2023

Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.

The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.

Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”

NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”

We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.

https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/

• Fraudsters’ Working Patterns Have Changed in Recent Years

Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.

It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.

Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.

In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.

“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”

https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/

• Hacktivism is Back and Messier Than Ever

Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.

The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.

Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.

https://www.wired.com/story/hacktivism-russia-ukraine-ddos/

Threats

Ransomware, Extortion and Destructive Attacks

• Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

• Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey

• Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)

• Global counter-ransomware task force to become active in January - CyberScoop

• Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)

• Rackspace criticized for PR response to ransomware attack (expressnews.com)

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

• Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

• Your business should compensate for modern ransomware capabilities right now | VentureBeat

• Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News

• Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics

• Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)

• The mounting death toll of hospital cyber attacks - POLITICO

• Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)

• Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

• Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)

• Queensland University hit by cyber attack | PerthNow

• Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record

• Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Reported phishing attacks have quintupled - Help Net Security

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

Malware

• GuLoader implements new evasion techniques - Security Affairs

• PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)

• 2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

• New information-stealing malware is being spread by fake pirate sites | TechSpot

Mobile

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer | SecurityWeek.Com

Denial of Service/DoS/DDOS

• Cyber criminals create new methods to evade legacy DDoS defences - Help Net Security

Internet of Things – IoT

• Anker admits Eufy camera security issues | TechRadar

• Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

Data Breaches/Leaks

• BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all… – Naked Security (sophos.com)

• Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law

• Data of 400 Million Twitter users up for sale - Security Affairs

• Ten significant data breaches from 2022 (smartermsp.com)

• It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Organised Crime & Criminal Actors

• 'Cyber crime has surpassed drug trafficking' - Rediff.com India News

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times

• BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News

• Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs

• Case for blockchain in financial services dented by failures | Financial Times (ft.com)

• Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

• Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

• Fraudsters’ working patterns have changed in recent years - Help Net Security

• Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)

Insurance

• Zurich chief warned that cyber attacks will become uninsurable - Security Affairs

Supply Chain and Third Parties

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

Software Supply Chain

• Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)

• Improving Software Supply Chain Cyber security (trendmicro.com)

Cloud/SaaS

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Identity and Access Management

• Enterprises waste money on identity tools they don't use - Help Net Security

• Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)

Encryption

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

API

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Extracting Encrypted Credentials From Common Tools (darkreading.com)

Biometrics

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Social Media

• TikTok User Data Has Been Compromised (giantfreakinrobot.com)

• Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• TikTok parent company ByteDance revealed the use of TikTok data to track journalists - Security Affairs

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• TikTok bans haven't really banned much of anything - The Washington Post

• Twitter restores suicide prevention feature | Twitter | The Guardian

• Data of 400 Million Twitter users up for sale - Security Affairs

• Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)

• Piers Morgan’s Twitter account abuses queen and Ed Sheeran in apparent hack | Piers Morgan | The Guardian

• US House boots TikTok from government phones • The Register

Malvertising

• Hackers abuse Google Ads to spread malware in legit software (bleepingcomputer.com)

• Cyber criminals using search engine ads to direct users to sites with malware, FBI warns | SC Media (scmagazine.com)

Privacy

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

Regulations, Fines and Legislation

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

Governance, Risk and Compliance

• IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)

• Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security

• 3 important changes in how data will be used and treated - Help Net Security

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

Secure Disposal

• For Sale on eBay: A Military Database of Fingerprints and Iris Scans - The New York Times (nytimes.com)

Careers, Working in Cyber and Information Security

• How to Get Your First Job in InfoSec (freecodecamp.org)

• IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)

• ‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune

Law Enforcement Action and Take Downs

• Ukraine shuts down fraudulent call centre claiming 18,000 victims (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• 78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)

• Germany: Police surveillance software a legal headache – DW – 12/22/2022

Artificial Intelligence

• Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

• Ukraine marks a turning point for cyberwarfare – POLITICO

• Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED

• Hacktivism Is Back and Messier Than Ever | WIRED

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

• German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)

Nation State Actors

Nation State Actors – Russia

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com

Nation State Actors – China

• US House boots TikTok from government phones • The Register

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• Chinese-backed company instructs US law firm after UK blocked microchip factory takeover (telegraph.co.uk)

Nation State Actors – North Korea

• BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

Nation State Actors – Iran

• An Iranian group hacked Israeli CCTV cameras, defence was aware but didn’t block it - Security Affairs

Nation State Actors – Misc

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

Vulnerability Management

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

Vulnerabilities

• Patch now: Serious Linux kernel security hole uncovered | ZDNET

• Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com

• Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs

• Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)

• Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)

• CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)

• Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers | SecurityWeek.Com

Tools and Controls

• Understanding current XDR elements and options | TechTarget

Other News

• Cyber crime Top 10 Rankings: China is No. 1 While US Records Highest Rate of Security Breaches - MSSP Alert

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

• Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)

• Modern technology and cyber recovery will intersect in the next generation of attacks - Help Net Security

• New information-stealing malware is being spread by fake pirate sites | TechSpot

•  Ten significant data breaches from 2022 (smartermsp.com)

• Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert

• After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)

• Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)

• The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.