Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 February 2024
Black Arrow Cyber Threat Intelligence Briefing 16 February 2024:
-Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
-Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
-Leveraging Threat Intelligence for Regulatory compliance
-The Risks of Quishing and How Enterprises Can Stay Secure
-Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
-Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
-Cyber Risk Management: Bring Security to the Boardroom
-Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
-Nation State Actors Intensify Focus on NATO Member States
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
Proofpoint have released an alert relating to an active hacking operation in which cyber criminals are employing phishing traps and shared Office 365 documents to steal credentials. Hackers have been threading together credential phishing and account takeover (ATO) tactics to gain access to enterprise resources, with multiple organisations already hit. One of the identified methods in use involves attackers inserting links that direct users to click to view a document. This subsequently links them to a phishing page controlled by the attacker.
In another currently active phishing campaign, threat actors are targeting potential victims via email and SMS, with personalised content to match victim roles within their organisation. But instead of phishing for information directly, they are convincing victims to download remote monitoring and management software. Victims were directed to newly registered websites mimicking various financial institutions and asked to download a “live chat application”, which turned out to be an old version of AnyDesk. Once downloaded, the software would then allow full access to victim’s machine and network resources.
Sources: [Verdict] [Help Net Security]
Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
A cyber attack is a matter of when, not if, and as such businesses must prepare for such an event happening to them. Whilst cyber security aims to defend the organisation, cyber resilience is about ensuring that your digital operations, which are the heart of your organisation, can withstand and quickly recover from any cyber attack, technical malfunction, or even deliberate tampering. If we think back to Covid, a lot of organisations suddenly had to adapt, to ensure that they could function as close to normal as possible. How many have tested their organisation’s ability to continue work since, or prepared for a loss of access to critical systems for an extended period of time? It’s the cyber resilient organisations that know they’ve made the right investments to significantly reduce the risk of their operations grinding to a halt.
Source: [Security Brief]
Leveraging Threat Intelligence for Regulatory Compliance
The collective improvement of cyber security is a high international priority and a wealth of EU legislation, such as NIS2 and the Digital Operational Resilience Act (DORA) is in the pipeline, to oblige organisations to understand and manage their cyber risks appropriately. As part of these regulations, threat intelligence is often a feature that can be leveraged to improve cyber resilience.
Threat intelligence can be collected from a variety of sources such as governmental advisories, dark web monitoring, private sector feeds, intelligence-sharing communities and open source information. The key for organisations is to be able to digest this, and apply it accordingly to their specific organisation, to improve their cyber resilience efforts.
Black Arrow provides weekly threat intelligence free of charge through our online blog and weekly subscription summary email. To sign up, visit https://www.blackarrowcyber.com/subscribe
Source: [BetaNews]
The Risks of Quishing and How Enterprises Can Stay Secure
QR codes have surged in popularity in the past two years, mainly due to their convenient and touchless features that streamline daily transactions, making it easy for users to scan and access information quickly. However, this surge in popularity has also caught the attention of cyber criminals, who exploit QR codes to perpetrate phishing attacks, known as "quishing." Attackers use tactics, such as disguising malicious QR codes in seemingly legitimate contexts; these pose substantial risks, leading to compromised personal and corporate data, financial loss, and reputational damage. Organisations must prioritise understanding and fortifying defences against quishing, as these attacks pose significant risks to both individuals and organisations. By educating employees on discerning phishing attempts, enforcing device security measures, and leveraging specialised solutions, organisations can bolster their resilience against QR code-based cyber threats and safeguard their digital assets effectively.
Source: [Zimperium]
Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
A recent report found that phishing attempts increased 106% year on year, with malware detections up 40%. In a separate report on phishing, it was found that 91% of organisation were impacted by AI-enhanced phishing attacks. Such numbers reinforce the reason for organisations to implement effective phishing training, and this should include training regarding AI-enhanced phishing emails.
Sources: [The Fintech Times] [Security Magazine]
Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
Microsoft has released a report detailing how prominent state-linked actors are using generative AI to enhance their attack methods. Russian, North Korean, Iranian, and Chinese-backed threat actors are attempting to use generative AI to inform, enhance, and refine their attacks, according to the report. It’s clear that AI is a double-edged sword, and organisations must implement processes to reduce their risk and increase their resilience to it.
Source: [ITPro]
Cyber Risk Management: Bring Security to the Boardroom
Organisations are facing the dual challenge of managing business risk and aligning with ever-expanding cyber security goals; as such, the need for a robust cyber risk management strategy is more critical than ever. This calls for organisations to effectively communicate their security posture to the board with relevant metrics.
Engaging the board requires a strategic approach, emphasising clear communication and contextual visibility. Board members are already increasingly recognising the impact of poor security on an organisation’s reputation, budget, and overall well-being; it is essential to translate security concerns into tangible metrics that resonate with the board. Real-time metrics, alignment with business goals, and educating the board on cyber security nuances can help build the foundation for such a strategy.
Source: [Trend Micro]
Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
Recent changes in the National Cyber Security Centre's (NCSC) threat reporting framework have prompted a call to action for pension scheme advisors.
Cyber security has fast become one of the biggest threats to pension schemes. Data breeches, scamming, ransomware, fraud: these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and ensure that reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.
Source: [The HR Director]
Nation State Actors Intensify Focus on NATO Member States
The head of threat research and analysis at Google Cloud has highlighted that nation state actors consider cyber warfare as another tool in their box, noting the current ongoing cyber warfare between Russia and Ukraine. Separate reports have found that the cyber war has extended to NATO member states, with initial access brokers (individuals who sell credentials to organisations) increasingly targeting entities within NATO member states.
Sources: [Help Net Security] [World Economic Forum ] [Inforisktoday] [Help Net Security]
Governance, Risk and Compliance
Leveraging threat intelligence for regulatory compliance (betanews.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Cyber Risk Management: Bring Security to the Boardroom (trendmicro.com)
A changing world requires CISOs to rethink cyber preparedness | CSO Online
Cyber Security teams recognized as key enablers of business goals - Help Net Security
26 Cyber Security Stats Every User Should Be Aware Of in 2024 (securityaffairs.com)
Fortifying Businesses Against Modern Information Threats (forbes.com)
Executives must face down state-sponsored hacking groups targeting firmware | Computer Weekly
Cyber Security is your defensive strategy, cyber resilience is your business (securitybrief.co.nz)
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
New macOS Backdoor Linked to Prominent Ransomware Groups - SecurityWeek
Ransomware tactics evolve, become scrappier - Help Net Security
Rhysida Ransomware Cracked, Free Decryption Tool Released (thehackernews.com)
Dual Ransomware Attacks: A Quicker Route to Extortion - Security Boulevard
Ransomware Victims
Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union (darkreading.com)
Cyber Attack hits Swedish cloud provider Advania, healthcare services impacted | Cybernews
PR industry affected as media monitoring firm Onclusive hit by cyber attack | PR Week
German battery maker Varta says five plants hit by cyber attack - CNA (channelnewsasia.com)
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
Phishing & Email Based Attacks
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Corporate users getting tricked into downloading AnyDesk - Help Net Security
Phishing attacks increased 106% year over year | Security Magazine
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
How are attackers using QR codes in phishing emails and lure documents? (talosintelligence.com)
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)
London police block 43 crypto phishing web domains (cointelegraph.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Other Social Engineering
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
QR code attacks target organizations in ways they least expect - Help Net Security
The Risks of Quishing and How Enterprises Can Stay Secure - Zimperium
Artificial Intelligence
Deepfake CFO Video Calls Result in $25MM in Damages (trendmicro.com)
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
55% of Generative AI Inputs Include Sensitive Data: Menlo Security - Security Boulevard
We're at a Pivotal Moment for AI and Cyber Security (darkreading.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Cyber criminals get productivity boost with AI - Help Net Security
Stolen Face ID scans used to break into bank accounts • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
The Coming End of Biometrics Hastens AI-Driven Security - Security Boulevard
Rental scams could soar as AI spreads, warns industry... (lettingagenttoday.co.uk)
Cyber Security Threats: How To Fight AI With AI (forbes.com)
The rise of AI threats and cyber security: predictions for 2024 | World Economic Forum (weforum.org)
2FA/MFA
MFA isn't always keeping businesses safe from cyber attack | TechRadar
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Malware
RustDoor malware targets macOS users by posing as a Visual Studio Update - gHacks Tech News
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
VexTrio network of hijacked websites used to spread malware • The Register
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks (darkreading.com)
Suspected Warzone RAT hackers arrested | SC Media (scmagazine.com)
From Cracked to Hacked: Malware Spread via YouTube Videos (cybereason.com)
Bumblebee malware attacks are back after 4-month break (bleepingcomputer.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
Glupteba Botnet Adds UEFI Bootkit to Cyber Attack Toolbox (darkreading.com)
Understanding the tactics of stealthy hunter-killer malware - Help Net Security
Miscreants turn to ad tech to measure malware metrics • The Register
New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Mobile
Stolen Face ID scans used to break into bank accounts • The Register
Google Chrome Warning Suddenly Issued For All Android Users (forbes.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
Meta brushes off risk of account theft via number recycling • The Register
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Denial of Service/DoS/DDOS
Cyber Security sectors adjust as DDoS attacks reach new heights - Help Net Security
How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog
Telecoms was the most targeted sector for DDoS attacks in 2023
DDoS Hacktivism is Back With a Geopolitical Vengeance - SecurityWeek
Internet of Things – IoT
Data Breaches/Leaks
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
Caravan club admits members' personal data possibly accessed • The Register
DOD notifying people who may be impacted by a year-old data breach | DefenseScoop
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Prudential says hackers gained access to its computer systems | The Star
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
DNA testing: What happens if your genetic data is hacked? - BBC Future
BMW security error left valuable private company data exposed online | TechRadar
Organised Crime & Criminal Actors
5 Things Movies Always Get Wrong About Computer Hackers (slashgear.com)
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data (securityaffairs.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
Insider threat greatest mid-market cyber security concern - CIR Magazine
Supply Chain and Third Parties
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Jet engine dealer to major airlines discloses cyber snafu • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
6 best practices for third-party risk management | CSO Online
Software security debt piles up for organisations even as critical flaws drop | CSO Online
Cloud/SaaS
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Benefits and challenges of managed cloud security services | TechTarget
Encryption
Social Media
Meta brushes off risk of account theft via number recycling • The Register
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
FCC orders telecom carriers to report PII data breaches within 30 days (bleepingcomputer.com)
Models, Frameworks and Standards
Benefits And Cautions Of Aligning With Cyber Security Frameworks (forbes.com)
Key strategies for ISO 27001 compliance adoption - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
UK cyber skills gap risk to businesses and national security | TechRadar
Higher education offers limited benefit to many infosec pros | SC Media (scmagazine.com)
We can’t risk losing staff to alert fatigue - Help Net Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Why we fall for fake news and how can we change that? - Help Net Security
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
Cyber threats cast shadow over 2024 elections - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Rise in cyberwarfare tactics fueled by geopolitical tensions - Help Net Security
Threat actors intensify focus on NATO member states - Help Net Security
Nation State Actors
China
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
US Official Warns of China’s Growing Offensive Cyber Power – The Diplomat
China Targets US Hacking Ops in Media Offensive - Infosecurity Magazine (infosecurity-magazine.com)
Threat actors intensify focus on NATO member states - Help Net Security
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Top US Venture Firms Funded Blacklisted Chinese Companies, House Committee Says | Mint
Russia
Microsoft and OpenAI thwart AI use by state-affiliated hackers (geekwire.com)
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
Russia Continues to Focus on Cyber Operations and Espionage (inforisktoday.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
The methods of Russian interference in Scottish politics (ukdefencejournal.org.uk)
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (thehackernews.com)
Iran
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Iranian cyber attacks targeting US and Israeli entities | TechTarget
North Korea
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
North Korea turns to designing gambling websites for cash • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
Vulnerabilities
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (bleepingcomputer.com)
Zoom stomps critical privilege escalation bug, 6 other flaws • The Register
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (thehackernews.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
ESET Patches High-Severity Privilege Escalation Vulnerability - SecurityWeek
CISA: Roundcube email server bug now exploited in attacks (bleepingcomputer.com)
Urgent patches available for QNAP vulnerabilities, one 0-day • The Register
Tools and Controls
Leveraging threat intelligence for regulatory compliance (betanews.com)
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
MFA isn't always keeping businesses safe from cyber attack | TechRadar
Understand the pros and cons of enterprise password managers | TechTarget
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
This botched migration shows why you need to deal with legacy tech | ZDNET
Benefits and challenges of managed cloud security services | TechTarget
5 Steps to Improve Your Security Posture in Microsoft Teams (bleepingcomputer.com)
No Security Scrutiny for Half of Major Code Changes: AppSec Survey - SecurityWeek
10 Security Metrics Categories CISOs Should Present to the Board (darkreading.com)
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
What is Threat Detection and Incident Response? - Security Boulevard
Reports Published in the Last Week
Other News
This botched migration shows why you need to deal with legacy tech | ZDNET
What is Threat Detection and Incident Response? - Security Boulevard
How Non-Profits and NGOs Deal with Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Here's how we get young people to rally for cyber security | World Economic Forum (weforum.org)
Types of Cyber security Threats and Vulnerabilities - Security Boulevard
Hacking the flow: The consequences of compromised water systems - Help Net Security
Dutch insurers still requiring nudes from cancer patients • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling·
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024
Black Arrow Cyber Threat Intelligence Briefing 26 January 2024:
-Russian Hackers' Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
-94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
-Cyber Risks Needs to be Prioritised as a Key Business Risk Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
-81% of Security Professionals Say Phishing Is Top Threat
-Ransomware Attacks Cause Significant Psychological Harm
-Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
-NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
-Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
-Historic Data Leak Reveals 26 billion Records: Check What is Exposed
-Boardroom Cyber Expertise Comes Under Scrutiny
-“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
-Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
Black Arrow Cyber Threat Briefing 26 January 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call
Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.
Sources: [Help Net Security] [Security Boulevard]
94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures
A recent study found that while 94% of CISOs are concerned with third-party cyber security threats, including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.
Sources: [Dark Reading]
Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda
The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.
Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]
81% of Security Professionals Say Phishing Is Top Threat
A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.
Sources: [ITPro] [Beta News] [Security Magazine]
Ransomware Attacks Cause Significant Psychological Harm
One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.
Sources: [The Record Media] [TechRadar]
Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password
A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.
Sources: [ITPro] [Business Wire] [Security Magazine]
NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime
An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.
Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]
Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk
Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.
One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations; in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.
Sources: [ITPro] [Help Net Security] [ITPro]
Historic Data Leak Reveals 26 billion Records: Check What is Exposed
In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com
Source: [Security Affairs]
Boardroom Cyber Expertise Comes Under Scrutiny
Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.
Source: [Security Intelligence]
“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules
The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.
These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.
Source: [The Currency]
Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%
In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.
Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]
Governance, Risk and Compliance
Treat cyber risk like financial or legal issue, says UK government | Computer Weekly
Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)
Organisations face devastating financial consequences from cyber attacks (betanews.com)
Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire
The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)
Boardroom cyber expertise comes under scrutiny (securityintelligence.com)
Resilience: The New Priority for Your Security Model (inforisktoday.com)
10 must-have security tips for digital nomads | Computerworld
CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)
Why cyber attacks mustn’t be kept secret - Help Net Security
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)
UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)
Organisations invest more in data protection but recover less - Help Net Security
Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)
Hackers target TeamViewer to try and get access to your company's network | TechRadar
Ransomware Victims
Major US, UK Water Companies Hit by Ransomware - SecurityWeek
Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg
Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)
Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)
LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)
loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)
Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek
Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)
Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)
Cyber attack in Merseyside as 'immediate steps taken' (msn.com)
Phishing & Email Based Attacks
81 percent of security pros say phishing is the top threat (betanews.com)
Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
Organisations need to switch gears in their approach to email security - Help Net Security
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security
Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
PHP-less phishing kits that can run on any website | Netcraft
New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire
Artificial Intelligence
AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger
The near-term impact of AI on the cyber threat - NCSC.GOV.UK
NCSC: AI to boost nation-states’ malware potency • The Register
Battling Misinformation During Election Season (darkreading.com)
Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Researchers Map AI Threat Landscape, Risks (darkreading.com)
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
Malware
NCSC: AI to boost nation-states’ malware potency • The Register
MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)
'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)
Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)
Mobile
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)
New method to safeguard against mobile account takeovers - Help Net Security
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)
Data of 15 million Trello users scraped and offered for sale - Help Net Security
Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Healthtech firm's cyber attack victim list keeps growing - Digital Journal
VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek
Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)
loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
The growing threat of data breaches in the age of AI and data privacy | TechRadar
23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)
Organised Crime & Criminal Actors
Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’
Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471
'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)
Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Trezor reveals 66,000 users could face phishing attack (coinjournal.net)
Insider Risk and Insider Threats
Majority of companies not prepared for insider threats (betanews.com)
Fighting insider threats is tricky but essential work - Help Net Security
Insurance
Supply Chain and Third Parties
From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)
Supply chain security: Responding to emerging cyber threats (techuk.org)
CISOs' role in identifying tech components and managing supply chains - Help Net Security
Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)
Cloud/SaaS
On premises vs. cloud pros and cons, key differences | TechTarget
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)
88% of organisations use passwords as primary authentication method | Security Magazine
The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro
Social Media
Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)
Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
Malvertising
Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED
Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED
Regulations, Fines and Legislation
Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security
SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)
US regulator admits cyber security lapse before rogue Bitcoin post - BBC News
Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)
Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek
Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Russia
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)
HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek
Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)
Massive cyber attack targets Ukrainian online bank (kyivindependent.com)
Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)
Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times
Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)
Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News
Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)
Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)
Iran
North Korea
Vulnerability Management
45% of critical CVEs left unpatched in 2023 - Help Net Security
Patch management: Why firms ignore vulnerabilities at their own risk | ITPro
What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard
Security vendors are accused of bending CVE assignment rules • The Register
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The effect of omission bias on vulnerability management - Help Net Security
52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)
Vulnerabilities
Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)
CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)
Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)
Chrome 121 ships with security updates and new AI tools - gHacks Tech News
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)
Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek
Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)
High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek
Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)
Security vendors are accused of bending CVE assignment rules • The Register
Mozilla Releases Security Updates for Thunderbird and Firefox | CISA
5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)
Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)
Tools and Controls
Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard
Resilience: The New Priority for Your Security Model (inforisktoday.com)
With so much data at hand, should cyber defences be more effective? | TechRadar
How to Shine in Your Next Cyber Security Audit - Security Boulevard
AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)
Business continuity vs. disaster recovery vs. incident response | TechTarget
Why resilience leaders must prepare for polycrises - Help Net Security
Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)
German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)
The 9 best incident response metrics and how to use them | TechTarget
The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard
We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA
Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)
Emerging trends and strategies in digital forensics - Help Net Security
Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard
Reports Published in the Last Week
Other News
With so much data at hand, should cyber defences be more effective? | TechRadar
Threat actors are exploiting web applications - Security Boulevard
Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru
Cyber Security Challenges at the World Economic Forum (govtech.com)
The Threat Landscape Is Always Changing: What to Expect in 2024 | Proofpoint US
What is Lateral Movement in Cyber Security? - Security Boulevard
Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon
US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine
US continues to be leading cyber threat target | SC Media (scmagazine.com)
Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)
Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.