Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Half of British SMEs Have Lost Data in Past Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Security teams are ‘overconfident’ about handling next-gen threats | CSO Online

• Banks told to expand risk management to cover AI (finextra.com)

• Corporations With Cyber Governance Create 4X More Value (darkreading.com)

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• 73% brace for cyber security impact on business in the next year or two - Help Net Security

• Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)

• Why your data isn’t as safe as you think and what it could cost you - IT Security Guru

• Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)

• The Increasing Role Of Cyber Security Experts In Complex Legal Disputes | IMS Legal Strategies - JDSupra

• Businesses must prioritise prevention to lock out online threats (yahoo.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• As Cyber Regulators Rush Toward New Rules, Shifting Foundations May Complicate Compliance | Wiley Rein LLP - JDSupra

• Lessons from the World's Costliest Corporate Cyber Attacks - Management Today

• Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)

• Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)

• Instilling the Hacker Mindset Organisationwide (darkreading.com)

• How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Cyber security incidences surge in the UK financial services sector - Digital Journal

• Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)

• To Stay Ahead Of Ransomware Attacks, Businesses Need To Adopt An Offensive Security Mindset | IBTimes

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Lessons From the LockBit Takedown (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption | Trend Micro (US)

• Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Collaboration Needed to Fight Ransomware (darkreading.com)

Ransomware Victims

• Ransomware attacks ravaged municipal governments in March | TechTarget

• NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security

• Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Ransomware gang leaks UK city council’s confidential files • The Register

• Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)

• World’s second-largest lens-maker blinded by cyber incident • The Register

Phishing & Email Based Attacks

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

• Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)

• A phish by any other name should still not be clicked – Computerworld

• Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)

• New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)

• Microsoft Teams phishing attacks and how to prevent them | TechTarget

Artificial Intelligence

• Banks told to expand risk management to cover AI (finextra.com)

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• 22% of employees admit to breaching company rules with GenAI - Help Net Security

• The Danger Of Unmanaged AI In The Enterprise (forbes.com)

• 6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)

• Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• Why AI forensics matters now - Help Net Security

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• More Than Half of Organisations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud (darkreading.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• ‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed | Artificial intelligence (AI) | The Guardian

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Security and AI occupy SME thoughts | Microscope (computerweekly.com)

Malware

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)

• Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)

• Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Detecting Windows-based Malware Through Better Visibility (thehackernews.com)

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

• The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)

• Thousands of Australian Businesses Targeted With RAT (darkreading.com)

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

Mobile

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• 2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW

• This notorious Android banking trojan now lets hackers remotely control your phone — how to stay safe | Tom's Guide (tomsguide.com)

• Location tracking and the battle for digital privacy - Help Net Security

• How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

Denial of Service/DoS/DDOS

• New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (thehackernews.com)

Internet of Things – IoT

• Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution

• UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times

Data Breaches/Leaks

• Researchers Report Sevenfold Increase in Data Theft Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)

• Threat Actor Claims Classified Five Eyes Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• 17 Billion Personal Records Exposed in Data Breaches in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)

• Hot Topic confirms multiple new cyber attacks — customer details and payment info exposed online | TechRadar

• Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop

• Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)

• OWASP discloses a data breach (securityaffairs.com)

• Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week

• Nearly 1M medical records feared stolen from City of Hope • The Register

• SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)

• Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR

• PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)

• OWASP discloses breach due to a Wiki web server misconfig • The Register

• US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Calls to Incident Response Helpline Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters

• Cyber criminal adoption of browser fingerprinting - Help Net Security

• With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

Insider Risk and Insider Threats

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Insurance

• Can cyber insurance help secure business? | Mint (livemint.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Supply Chain and Third Parties

• Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

Cloud/SaaS

• How much does cloud-based identity expand your attack surface? - Help Net Security

• Who owns your data? SaaS contract security, privacy red flags | CSO Online

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

Identity and Access Management

• How much does cloud-based identity expand your attack surface? - Help Net Security

Linux and Open Source

• "We got lucky": What the XZ Utils backdoor says about the strength and insecurities of open source | ITPro

• New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)

• Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)

• A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)

• What we know about the xz Utils backdoor that almost infected the world | Ars Technica

• Malicious xz backdoor reveals fragility of open source • The Register

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• German state switches to LibreOffice, promises Windows move • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)

Social Media

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

• WhatsApp was down in Meta’s second big outage this year | TechCrunch

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)

Training, Education and Awareness

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Regulations, Fines and Legislation

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• Financial cyber defence: gearing up for DORA (finextra.com)

• EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• NIS2 Requires Major Changes in EU SaaS Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra

• NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)

• Are businesses prepared for the CSF 2.0 challenge? - Digital Journal

Backup and Recovery

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Data protection vs. data backup: How are they different? | TechTarget

Data Protection

• 3 Strategies to Future-Proof Data Privacy (darkreading.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• How to conduct a data privacy audit, step by step | TechTarget

• Data protection vs. data backup: How are they different? | TechTarget

Careers, Working in Cyber and Information Security

• The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• Hardest Cyber Security Jobs to Fill in 2024 Techopedia

• Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Are you okay? Understanding the world of a CISO | CSO Online

Misinformation, Disinformation and Propaganda

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• How to Counter Disinformation Campaigns in Global Elections (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update

• UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)

Nation State Actors

China

• Chinese Spy Ops Attack 7 MSPs, Feds Allege | MSSP Alert

• UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO

• Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)

• MPs challenge government claims China cyber attack was unsuccessful (ft.com)

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• OODA Loop - Government Agencies are in the Fight Against Chinese Human Targeting and Cyber Espionage. Will it be Enough?

• UK, Czech ministers among China’s hacking targets – POLITICO

• Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)

• Ministry of State Security releases bilingual report, urging Western forces to stop slandering and attacking China - China Military

Russia

• Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News

• STA: Russian hackers take responsibility for cyber attack on Slovenia

• Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics

• Russian network that 'paid European politicians' busted, authorities claim - BBC News

• Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)

Iran

• Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)

• Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor

North Korea

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED

Vulnerability Management

• Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (therecord.media)

• CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

Vulnerabilities

• Are You Affected by the Backdoor in XZ Utils? (darkreading.com)

• Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)

• Ivanti commits to secure-by-design overhaul • The Register

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)

• Apple GoFetch was caused by an obsession with speed • The Register

• Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week

• Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)

• WiFi WPS vulnerability: disable it, or else | Cybernews

• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

• Splunk Patches Vulnerabilities in Enterprise Product - Security Week

• JetBrains fixes 26 'security problems,' offering no details • The Register

Tools and Controls

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• How much does cloud-based identity expand your attack surface? - Help Net Security

• How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)

• Building a cyber security risk assessment template - Security Boulevard

• Microsoft unveils safety and security tools for generative AI | InfoWorld

• The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• Can cyber insurance help secure business? | Mint (livemint.com)

• 71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard

• Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)

• Cyber Risk Management: A Beginner's Guide - Security Boulevard

• Microsoft Entra Recommendations adds several more for better user security - Neowin

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

• Why a Cloud Security Platform Approach is Critical | Trend Micro (US)

• The Importance Of Physical Cyber Security Testing (forbes.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Data protection vs. data backup: How are they different? | TechTarget

• What is Threat Management? - Security Boulevard

• SIEM Implementation: Strategies and Best Practices | MSSP Alert

• Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)

Other News

• Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)

• Cyber attacks on critical infrastructure show advanced tactics and new capabilities - Help Net Security

• Is your pension protected from cyber attacks? - CityAM

• Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)

• Microsoft slammed for lax infosec that led to Exchange crack • The Register

• Infosec professionals praise CSRB report on Microsoft breach | TechTarget

• 76% of consumers don't see themselves as cyber crime targets - Help Net Security

• Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)

• Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law

• Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)

• Australia Doubles Down On Cyber Security After Attacks (darkreading.com)

• Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)

• Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)

• Healthcare's cyber resilience under siege as attacks multiply - Help Net Security

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• Why Cultural Institutions Are Rich Targets for Cyber Attackers  (informationweek.com)

• 5 top OT threats and security challenges | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]

Governance, Risk and Compliance

• Cyber Insecurity: Report Finds Majority of Enterprises Expect an Imminent Cyber Attack (prnewswire.com)

• Cyber Crime Costs Soar to $8 Trillion, Spotlighting the Critical Need for Cyber security Experts (globenewswire.com)

• Many cyber bosses just aren't confident in their company's defences | TechRadar

• SMBs seek help as cyber threats reach an all-time high - Help Net Security

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• The real impact of the cyber security poverty line on small organisations - Help Net Security

• Cyber security investments show mature business mindset, says IT expert | Insider Media

• Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud

• The best time to deal with cyber attacks is before they happen (thetimes.co.uk)

• ‘A matter of when not if’: Why is it crucial for businesses to protect themselves from cyber attacks? | Euronews

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Over 70% of firms hit by cyber attack in last 12 months (rte.ie)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• Getting ready for NIS2 with strong identity controls | ITPro

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• 10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News

• How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• The Need for a Cyber security-Centric Business Culture (darkreading.com)

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine

• Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)

• Keeping control in complex regulatory environments - Help Net Security

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• 7 risk mitigation strategies to protect business operations | TechTarget

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

• Regulations are still necessary to compel adoption of cyber security measures | ZDNET

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Ready For Cyber Readiness - Any Time Now (forbes.com)

• CISOs and board members are finding a common language - Help Net Security

• IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)

• When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)

• 18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Cyber Insecurity, AI and the Rise of the CISO | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)

• Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)

• Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)

• Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)

• CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)

• What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon

• Healthcare Sector Warned About New Ransomware Group NoEscape - Infosecurity Magazine (infosecurity-magazine.com)

• New trend in ransomware: Anonymity (betanews.com)

• 63% of organisations restore data after a ransomware attack | Security Magazine

• Hacker Group GhostSec Unveils New Generation Ransomware Implant - Infosecurity Magazine (infosecurity-magazine.com)

• Black Basta ransomware is out and about, again. (thecyberwire.com)

• Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• Scammers are targeting plastic surgery clinics with extortion scams | TechRadar

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Ransomware Victims

• Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)

• Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)

• KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV (databreaches.net)

Phishing & Email Based Attacks

• More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)

• Make sure that email from HR is legit - it could be another phishing scam | TechRadar

• Human resources emails remain top phishing targets - SiliconANGLE

• CISA, NSA, FBI publish phishing guidance | TechTarget

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing: What’s in a Name? | CISA

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

Artificial Intelligence

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• AI Adoption Surges But Security Awareness Lags Behind - Infosecurity Magazine (infosecurity-magazine.com)

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)

• AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Research: GPT-4 Jailbreak Easily Defeats Safety Guardrails

• Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

2FA/MFA

• Google Authenticator synchronization raises MFA concerns | TechTarget

Malware

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• Valve upgrades Steam's security after several games are hacked and filled with malware | Rock Paper Shotgun

• DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)

• Researchers warn of increased malware delivery via fake browser updates - Help Net Security

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Beware - that Google Chrome update alert might actually just be malware | TechRadar

Mobile

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)

• The top 9 mobile security threats and how you can avoid them | ZDNET

• Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld

• Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS Attacks in 2024: Distributed DoS Explained | Splunk

Internet of Things – IoT

• Inadequate IoT protection can be a costly mistake - Help Net Security

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Logistics Matters - Alert: How hackers use printers to gain access

• Microsoft HoloLens for the military: Hacker attacks on VR headset may cause physical pain - NotebookCheck.net News

Data Breaches/Leaks

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)

• 530K people's info stolen from cloud PC gaming's Shadow • The Register

• Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) (databreaches.net)

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

• Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News

• 23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

• Care provider under fire over response to cyber attack (thetimes.co.uk)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• ServiceNow leak: thousands of companies at risk | Cybernews

Organised Crime & Criminal Actors

• Cyber attacks -- where they come from and the tactics they use (betanews.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

Insider Risk and Insider Threats

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• Employees leaving businesses open to cyber attack – QBE research - CIR Magazine

• Why disaffected employees are your greatest cyber security risk | Federal News Network

• Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)

Insurance

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

Supply Chain and Third Parties

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Why fourth-party risk management is a must-have | TechTarget

Identity and Access Management

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

Encryption

• Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication (thehackernews.com)

Linux and Open Source

• Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Report Finds Few Open Source Projects are Actively Maintained - Slashdot

Passwords, Credential Stuffing & Brute Force Attacks

• IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru

• Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)

• 39% of individuals use the same password for multiple accounts | Security Magazine

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

• Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)

• A worrying amount of corporate IDs still aren't properly protected | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

Malvertising

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Guide to detecting and disrupting fake ads | Netcraft

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)

Training, Education and Awareness

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)

• SEC stepping up cyber security efforts | Inquirer Business

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)

• Keeping control in complex regulatory environments - Help Net Security

• UN cyber crime treaty: A menace in the making – EURACTIV.com

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

Models, Frameworks and Standards

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

Backup and Recovery

• Principles for ransomware-resistant cloud backups - NCSC.GOV.UK

• 63% of organisations restore data after a ransomware attack | Security Magazine

Data Protection

• Care provider under fire over response to cyber attack (thetimes.co.uk)

Careers, Working in Cyber and Information Security

• Over half of cyber security pros say they want to switch jobs (betanews.com)

• Compelling Reasons Why You Should Study Cyber Security - Minutehack

• Your guide to landing a job in cyber security (fastcompany.com)

• New Cyber security Salary Report Guides Hiring in an $8 Trillion Cyber Crime Landscape (prnewswire.com)

• One in five CISOs miss out on pay raise - Help Net Security

Law Enforcement Action and Take Downs

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

• ‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes issues five tips on thwarting nation state threats | Computer Weekly

• APT trends report Q3 2023 | Securelist

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• The evolution of deception tactics from traditional to cyber warfare - Help Net Security

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Government officials debate effectiveness of multilateral relations in cyber security | ZDNET

• Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems

Geopolitical Threats/Activity

• How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)

• AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

• Mideast War Has Cyber Implications | Newsmax.com

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)

China

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft   | SC Media (scmagazine.com)

• Five Eyes Warn Of Chinese Cyber Espionage | Silicon UK

• Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)

• 20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian

• Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Huawei wants to know why EU labelled it high security risk • The Register

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)

Russia

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Russian Hackers Target Romanian Media - Valahia.News

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

Iran

• Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)

• Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop

North Korea

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• North Korean hackers exploit critical TeamCity flaw to breach networks (bleepingcomputer.com)

• FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program - SecurityWeek

Vulnerability Management

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)

Vulnerabilities

• Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek

• Cisco working on fix for critical IOS XE zero-day | TechTarget

• Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek

• Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)

• You Need to Update WinRAR, Right Now (gizmodo.com)

• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek

• Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• ServiceNow leak: thousands of companies at risk | Cybernews

Tools and Controls

• Well-informed employees act as 1st line of defence against cyber threats

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Why Zero Trust Is the Cloud Security Imperative (darkreading.com)

• 3 Essential Steps to Strengthen SaaS Security (darkreading.com)

• Cyber expert calls for renewed focus on zero-trust and recovery as threat actors scale-up - SiliconANGLE

• How hackers use printers to gain access

• Google Authenticator synchronization raises MFA concerns | TechTarget

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

• Reinforcing cyber security: The network's role to prevent, detect, and respond to attacks - Help Net Security

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What is Structured Threat Information eXpression (STIX)? (techtarget.com)

Reports Published in the Last Week

• Trustwave SpiderLabs Research: Cyber security in the Financial Services Sector

• APT trends report Q3 2023 | Securelist

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• ENISA THREAT LANDSCAPE REPORT 2023 REPORT IS OUT! (securityaffairs.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• The CISO Report | Splunk

• VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE

Other News

• SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru

• Many SMBs really don't know exactly what security tools they need | TechRadar

• Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN

• What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)

• Progress gets SEC subpoena over MOVEit breach – and more! • The Register

• 51% of Financial Services Firms Reporting Breaches are From US: Trustwave Threat Landscape Report | The Fintech Times

• Cyber attacks on healthcare organisations affect patient care - Help Net Security

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)

• Cyber risk report says shipping remains ‘easy target’, paying an average $3.2m In cyber attacks (shipmanagement idcinternational.com)

• Space industry group turns up volume on satellite vulnerabilities - SpaceNews

• 5 Tips for Improving Security in Public Sector (govinfosecurity.com)

• Marketers Must Make Cyber security A Priority Every Day (forbes.com)

• UK at risk of massive security breach from national HMRC IT meltdown | The Independent

• UK warns nuclear power plant operator of cyber security failings (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.