Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 December 2023

Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:

-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

-Approach Cyber Security Awareness Training by Engaging People at All Levels

-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

-Hacked Microsoft Word Documents Being Used to Trick Windows Users

-Mitigating Deepfake Threats in The Corporate World

-Black Basta Ransomware Made Over $100 Million From Extortion Alone

-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

-Booking.com Customers Scammed in Novel Social Engineering Campaign

-Stop Panic Buying Your Security Products and Start Prioritising

-A Fifth of UK SMBs Unable to Spot Scams

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 27 October 2023

Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:

-More Companies Adopt Board-Level Cyber Security Committees

-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

-More Than 46 Million Potential Cyber Attacks Logged Every Day

-Fighting Cyber Attacks Requires Top-Down Approach

-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023

-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

-How Cyber Security Has Evolved in The Past 20 Years

-Rising Global Tensions Could Portend Destructive Hacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

Geopolitical Threats/Activity

China

Russia

Iran

North Korea


Vulnerability Management

Vulnerabilities



Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More