Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

• Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

• Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

• Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

• Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

• 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

• 97% of organisations indicated they are experiencing private cloud problems.

• 75% have experienced a cyber security breach, threat and/or theft of data.

• 75% said shadow IT “impairs their ability to keep data secure.”

• 60% allow employees to download sensitive data to their personal devices.

• 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

• 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

• Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

• Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

• When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

• Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

• How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

• Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

• Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

• Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/

Threats

Ransomware, Extortion and Destructive Attacks

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Microsoft patches vulnerability used in Nokoyawa ransomware attacks | CSO Online

• How LockBit Changed Cyber security Forever (securityintelligence.com)

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Rorschach ransomware deployed by misusing a security tool - Help Net Security

• Medusa ransomware claims attack on Open University of Cyprus (bleepingcomputer.com)

• Cyble — New Cylance Ransomware with Power-Packed CommandLine Options

• Taiwanese PC Company MSI Falls Victim to Ransomware Attack (thehackernews.com)

• KFC, Pizza Hut owner discloses data breach after ransomware attack (bleepingcomputer.com)

• 7 Things Your Ransomware Response Playbook Is Likely Missing (darkreading.com)

• Cyber crime group exploits Windows zero-day in ransomware attacks-Security Affairs

• Windows zero-day vulnerability exploited in ransomware attacks (bleepingcomputer.com)

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Latitude Financial Refuses to Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

• Superyacht-Maker Hit by Easter Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Microsoft: Phishing attack targets accountants as Tax Day approaches (bleepingcomputer.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Phishing Campaign Targeting YouTube Content Creators, Malware Hitting Charging Stations - MSSP Alert

BEC – Business Email Compromise

• 'BEC 3.0' Is Here with Tax-Season QuickBooks Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Simple psychology is the most dangerous form of cyber attack (thetimes.co.uk)

2FA/MFA

• Comparing enabled and enforced MFA in Microsoft 365 | TechTarget

• Rilide browser extension steals MFA codes - Help Net Security

Malware

• New Mirai Variant Employs Uncommon Tactics to Distribute Malware (darkreading.com)

• Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques (thehackernews.com)

• BlackGuard Stealer Extends its Capabilities in New Variant - MSSP Alert

• Check Point Software Technologies: Qbot Top Malware in March 2023 - MSSP Alert

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

• Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks (bleepingcomputer.com)

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft, Fortra Gains Legal Rights Against Cobalt Strike Abuse (informationsecuritybuzz.com)

• Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (darkreading.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Mobile

• Protect your data with a USB condom | ZDNET

• FBI warns about dangers of public USB charging ports | Popular Science (popsci.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Android phones vulnerable to remote hacking — update right now | Tom's Guide (tomsguide.com)

• Burglars tunnel through Apple Store’s neighbour, allegedly steal $500K in iPhones | Ars Technica

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• Cyber criminals To Add Android Malware On Google Play Up To $20,000 (informationsecuritybuzz.com)

• Cyber criminals Turn to Android Loaders on Dark Web to Evade Google Play Security (thehackernews.com)

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Flood NPM with Bogus Packages Causing a DoS Attack (thehackernews.com)

• DDoS attacks shifting to VPS infrastructure for increased power (bleepingcomputer.com)

• DDoS threat report for 2023 Q1 (cloudflare.com)

• DDoS alert traffic reaches record-breaking level of 436 petabits in one day - Help Net Security

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

Internet of Things – IoT

• Printers Pose Persistent Yet Overlooked Threat (darkreading.com)

• There’s a new form of keyless car theft that works in under 2 minutes | Ars Technica

• Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters

• Default static key in ThingsBoard IoT platform can give attackers admin access | CSO Online

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• New Ultrasonic Acoustic Attack Targeting Microphones and Voice Assistants Gives Remote Access to Most Smart Devices - The Debrief

• Zigbee PRO 2023 introduces new security mechanisms, feature enhancements - Help Net Security

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Data Breaches/Leaks

• Samsung employees unwittingly leaked company secret data by using ChatGPT-Security Affairs

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Service NSW breach exposes personal data affecting thousands of customers | 7NEWS

• Leaked n documents provide rare window into depth of US intelligence on allies and foes | CNN Politics

• Military Intel Leak Investigated By US Officials (informationsecuritybuzz.com)

• Hyundai data breach exposes owner details in France and Italy (bleepingcomputer.com)

• Over 20,000 Iowa Medicaid Members Affected By Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Criminal businesses adopt corporate behaviour as they grow - Help Net Security

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Breached shutdown sparks migration to ARES data leak forums (bleepingcomputer.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• 5 Types of Cyber Crime Groups (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Sentiment DeFi Hacker Makes Amends by Returning 90% of Funds (beincrypto.com)

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• EU-Funded Report Calls for Crypto ID Checks, Police Training to Combat Darknet Markets (coindesk.com)

Insider Risk and Insider Threats

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Cyber criminals use simple trick to obtain personal data - Help Net Security

• Nearly Half of Workers Pilfer Former Employers’ Passwords to Access Accounts, Study Says - MSSP Alert

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Building a human firewall to block cyber attacks | McKinsey

• How to Combat Insider Threats-Security Affairs

Fraud, Scams & Financial Crime

• FBI warns of companies exploiting sextortion victims for profit (bleepingcomputer.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• When Banking Laws Don't Protect Consumers From Cybertheft (darkreading.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

• Stolen Card Numbers Plummet 94% Globally - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• 3CX confirms North Korean hackers behind supply chain attack (bleepingcomputer.com)

• Capita: IT outsourcer reels from being locked out of its own IT (thetimes.co.uk)

Cloud/SaaS

• Western Digital struggles to fix massive My Cloud outage, offers workaround (bleepingcomputer.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse - SecurityWeek

• How and Why to Put Multicloud to Work (darkreading.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

Hybrid/Remote Working

• 4 ways to secure your remote work setup | ZDNET

• Hybrid work environments are stressing CISOs - Help Net Security

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

Attack Surface Management

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• The new weakest link in the cyber security chain - Help Net Security

Shadow IT

• How to use a CASB to manage shadow IT | TechTarget

Identity and Access Management

• Identity Management Day: 3 Things MSSPs Need to Know - MSSP Alert

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

Encryption

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Why the US Needs Quantum-Safe Cryptography Deployed Now (darkreading.com)

API

• How to fix the top 5 API vulnerabilities | TechTarget

• Google launches dependency API and curated package repository with security metadata | CSO Online

• Why Shadow APIs are More Dangerous than You Think (thehackernews.com)

Open Source

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Almost Half of Former Employees Say Their Passwords Still Work (darkreading.com)

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Why it's time to move towards a passwordless future - Help Net Security

• AI can crack most password in less than a minute | TechRadar

• How an AI tool could crack your passwords in seconds | ZDNET

• Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype | Ars Technica

Social Media

• Tech layoffs raise new alarms about how platforms protect users | CNN Business

Malvertising

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

Training, Education and Awareness

• How to transform cyber security learning and make content more engaging - Help Net Security

Regulations, Fines and Legislation

• Lagging regulations frustrate protecting data from cyber attacks (themandarin.com.au)

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Battle could be brewing over new FCC data breach reporting rules | CSO Online

• When Banking Laws Don't Protect Consumers From Cyber Theft (darkreading.com)

Governance, Risk and Compliance

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Skyhigh Security Report: 75% of Organizations Have Suffered a Cyber security Breach - MSSP Alert

• Strategising cyber security: Why a risk-based approach is key | World Economic Forum (weforum.org)

• Who should I inform after a data hack? (thetimes.co.uk)

• Two-Fifths of IT Pros Told to Keep Breaches Quiet - Infosecurity Magazine (infosecurity-magazine.com)

• Outcome-based cyber security paves way for organizational goals - Help Net Security

• Why reporting an incident only makes the cyber security community stronger | CSO Online

• 6 common challenges facing cyber security teams and how to overcome them | TechCrunch

• Top 10 Cyber security Trends for 2023: From Zero Trust to Cyber Insurance (thehackernews.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Gartner: Human-Centric Design Is Top Cyber Security Trend for 2023 (darkreading.com)

Law Enforcement Action and Take Downs

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Spanish cops arrest teenage 'Robin Hood hacker' • The Register

• Australia Is Scouring the Earth for Cyber criminals — the US Should Too (darkreading.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• Dutch Police mails RaidForums members to warn they’re being watched (bleepingcomputer.com)

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Tesla Sued Over Workers' Alleged Access to Car Video Imagery - SecurityWeek

• Consumers take data control into their own hands amid rising privacy concerns - Help Net Security

Artificial Intelligence

• 5 ChatGPT security risks in the enterprise | TechTarget

• Samsung employees unwittingly leaked company secret data by using ChatGPT - Security Affairs

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• US cyber chiefs warn of threats from China and AI • The Register

• When you're talking to a chatbot, who's listening? | CNN Business

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• GPT-4 tried to escape into the internet today and it ‘almost worked’ | by Cezary Gesikowski | Mar, 2023 | Bootcamp (uxdesign.cc)

• It sounds like science fiction but it’s not: AI can financially destroy your business | Gene Marks | The Guardian

• AI can crack most password in less than a minute | TechRadar

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• European privacy watchdog creates ChatGPT task force | Reuters

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers linked to widespread attacks targeting NATO and EU (bleepingcomputer.com)

• NTC Vulkan leak shows evolving Russian cyberwar capabilities | CSO Online

• What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine | CyberScoop

• The Discord servers at the center of a massive US intelligence leak | CyberScoop

• Cisco trashed offices and destroyed spares as it quit Russia • The Register

• Another zero-click Apple spyware biz shows up in town again • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Experts warn of new spyware threat targeting journalists and political figures | Hacking | The Guardian

• Russia's Joker DPR Claims Access to Ukraine Troop Movement Data (darkreading.com)

• Spyware Offered to Cyber attackers via PyPI Python Repository (darkreading.com)

• Russian hackers ‘target security cameras inside Ukraine coffee shops’ | Ukraine | The Guardian

• Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool | CyberScoop

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

Nation State Actors

• Russia-linked APT29 is behind recent attacks targeting NATO and EU-Security Affairs

• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (thehackernews.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• US cyber chiefs warn of threats from China and AI • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• Google is on a crusade against cyber security threats from North Korea | TechRadar

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Leaked US. assessment includes warning about Russian hackers accessing sensitive infrastructure (nbcnews.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• Lazarus Group's DeathNote Campaign Reveals Shift in Targets - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Eliminating 2% of Exposures Could Protect 90% of Critical Assets - Infosecurity Magazine (infosecurity-magazine.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Google Launches New Cyber security Initiatives to Strengthen Vulnerability Management (thehackernews.com)

Vulnerabilities

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Windows admins warned to patch critical MSMQ QueueJumper bug (bleepingcomputer.com)

• Nokoyawa ransomware attacks with Windows zero-day | Securelist

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• Apple issues emergency patches for spyware-style 0-day exploits – update now! – Naked Security (sophos.com)

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek

• Cisco Patches Code and Command Execution Vulnerabilities in Several Products - SecurityWeek

• CISA orders agencies to patch Backup Exec bugs used by ransomware gang (bleepingcomputer.com)

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips • The Register

• Twitter 'Shadow Ban' Bug Gets Official CVE (darkreading.com)

• Exploit available for critical bug in VM2 JavaScript sandbox library (bleepingcomputer.com)

• Microsoft finally gets around to fixing half-decade-old Firefox CPU bug | TechRadar

• SAP releases security updates for two critical-severity flaws (bleepingcomputer.com)

• Adobe Plugs Gaping Security Holes in Reader, Acrobat - SecurityWeek

• Limit Login Attempts Plugin Patches Severe Unauthenticated Stored XSS Vulnerability – WP Tavern

• Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek

• How Microsoft’s Shared Key authorization can be abused and how to fix it | CSO Online

• Microsoft shares fix for Outlook issue blocking access to emails (bleepingcomputer.com)

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Tools and Controls

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• Stopping criminals from abusing security tools - Microsoft On the Issues

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• LastPass Breach Reveals Important Lessons (darkreading.com)

• The Pope's Security Gets a Boost With Vatican's MDM Move (darkreading.com)

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• Detailed Analysis Of The Best Password Managers In 2023 (informationsecuritybuzz.com)

• How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments (darkreading.com)

• SD-WAN vs. VPN: How do they compare? | TechTarget

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

• What is an Intrusion Prevention System (IPS)? (techtarget.com)

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• 4 strategies to help reduce the risk of DNS tunnelling | CSO Online

Reports Published in the Last Week

• DDoS threat report for 2023 Q1 (cloudflare.com)

Other News

• MSI Confirms Cyber Attack, Issues Firmware Download Guidance - SecurityWeek

• Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign - Microsoft Security Blog

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Western Digital restores service; attack details remain unclear | TechTarget

• 5 tips for tackling technical debt | CIO

• The Internet Reform Trilemma (darkreading.com)

• Rapid7 Has Good News for UK Security Posture - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/

Threats

Ransomware, Extortion and Destructive Attacks

• Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET

• MSPs in the Crosshairs of Ransomware Gangs - MSSP Alert

• Is ransomware declining? Not so fast, experts say | TechTarget

• FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)

• City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)

• Anatomy of a Ransomware Attack

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• Ransom House ransomware attack hit Hospital Clinic de Barcelona- - Security Affairs

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems (darkreading.com)

• Ransomware review: March 2023 (malwarebytes.com)

• Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

• Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)

• DND: Black & McDonald reported ransomware attack | CTV News

• Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow

Phishing & Email Based Attacks

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog

• Emotet starts post-break phishing campaign • The Register

BEC – Business Email Compromise

• Microsoft: Business email compromise attacks can take just hours (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• Defeating the Deepfake Danger - SecurityWeek

• Does Your Help Desk Know Who's Calling? (thehackernews.com)

2FA/MFA

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)

• Malicious PyPI package signals direction of cyber crime • The Register

• How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)

• Snake Keylogger Malware Removal Guide (makeuseof.com)

• Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

• New malware infects business routers for data theft, surveillance (bleepingcomputer.com)

• Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)

• Emotet malware attacks return after three-month break (bleepingcomputer.com)

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• FBI and international cops catch a NetWire RAT • The Register

Mobile

• Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (thehackernews.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Denial of Service/DoS/DDOS

• Akamai mitigated a record-breaking DDoS that peaked 900Gbps- Security Affairs

Internet of Things – IoT

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

Data Breaches/Leaks

• Preventing corporate data breaches starts with remembering that leaks have real victims - Help Net Security

• The LastPass Hack Somehow Gets Worse | WIRED

• LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach (thehackernews.com)

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• Popular fintech apps expose valuable, exploitable secrets - Help Net Security

• PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)

• Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)

• Brazilian Conglomerate Suffers 3TB Data Breach: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Data breach exposed millions of Verizon customers' account info (androidpolice.com)

• Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)

• Data protection vendor Acronis admits to data leak • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Organised Crime & Criminal Actors

• At Least 30% of "Cyber-Criminals" Are Women: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• BidenCash leaks 2.1M stolen credit/debit cards- Security Affairs

• Malicious PyPI package signals direction of cyber crime • The Register

• Where are the women in cyber security? • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

Insider Risk and Insider Threats

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Fraud, Scams & Financial Crime

• Scams Security Pros Almost Fell For (darkreading.com)

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers using voice-cloning A.I. to mimic relatives | Fortune

• Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch

• UK Government Plans Skills Boost for Public Sector Fraud Fight - Infosecurity Magazine (infosecurity-magazine.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)

Deepfakes

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• Defeating the Deepfake Danger - SecurityWeek

Insurance

• Talking Cyber Insurance With Munich Re - SecurityWeek

Dark Web

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Supply Chain and Third Parties

• Snap CISO talks risky supply chain security business • The Register

• SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Software Supply Chain

• SBOMs become a security staple for the software supply chain • The Register

Cloud/SaaS

• Just 10% of Firms Can Resolve Cloud Threats in an Hour - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)

• Hackers are quickly learning how to target cloud systems (axios.com)

• Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Asset Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Encryption

• New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)

• New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)

API

• API Security for UK companies - IT Security Guru

• Attackers exploit APIs faster than ever before - Help Net Security

Open Source

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Research Reveals 'Password' Still the Most Common Term Used by Hackers to Breach Enterprise Networks - IT Security Guru

• Stolen credentials increasingly empower the cyber crime underground | CSO Online

• The LastPass Hack Somehow Gets Worse | WIRED

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)

• Securing ways to share workplace passwords • The Register

• Young government workers show poor password management habits - Help Net Security

Social Media

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok unveils new European data security regime | Reuters

Training, Education and Awareness

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Regulations, Fines and Legislation

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Government Claims New UK GDPR Will Save Firms Billions - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Why do Businesses Need to Focus More on Cyber security (hackread.com)

• Flashpoint: Threat vectors converging, increasing damage | TechTarget

• How to achieve and shore up cyber resilience in a recession - Help Net Security

• The cyber security landscape in the era of economic instability – Help Net Security

Models, Frameworks and Standards

• Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online

• PCI Compliance Requirements Guide (trendmicro.com)

• NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert

Data Protection

• Government Claims New UK GDPR Will Save Firms Billions – Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Experts see growing need for cyber security workers as one in six jobs go unfilled – The Globe and Mail

• How to Jump-Start Your Cyber security Career (darkreading.com)

Law Enforcement Action and Take Downs

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• FBI and international cops catch a NetWire RAT • The Register

Privacy, Surveillance and Mass Monitoring

• Secret Service and ICE break the law with fake phone towers • The Register

• Thought you'd opted out of online tracking? Think again • The Register

Artificial Intelligence

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)

• You can poison AI datasets for just $60, a new study shows (fastcompany.com)

• Microsoft and MITRE developed a tool to prepare security teams for attacks on ML systems - Help Net Security

• Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)

Misinformation, Disinformation and Propaganda

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware used to spy on a Polish mayor- Security Affairs

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese cyber spies target unpatched SonicWall gear • The Register

• What is Cyberwarfare? | Definition from TechTarget

Nation State Actors

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

• China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (thehackernews.com)

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese firm got Covid contract despite trying to hack NHS data, minister says | Politics | The Guardian

• Chinese cyber spies target unpatched SonicWall gear • The Register

• TikTok unveils new European data security regime | Reuters

• Lazarus group infiltrated South Korean finance firm twice last year | CSO Online

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Chinese regulatory body expected to streamline data governance rules | CSO Online

Vulnerability Management

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations

• Zero Day Threat Protection for Your Network (trendmicro.com)

• 557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek

• Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)

• Security Patch Management Strengthens Ransomware Defense (trendmicro.com)

• VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget

Vulnerabilities

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers discover 'kill switch' in Starlink terminals - Security - iTnews

• PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security

• CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)

• Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek

• Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)

• Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies… | by Fat Selimi | Feb, 2023 | InfoSec Write-ups (infosecwriteups.com)

• Chinese cyber spies target unpatched SonicWall gear • The Register

• Chrome 111 Patches 40 Vulnerabilities - SecurityWeek

• Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)

• Veeam warns to install patches to fix a bug in Backup & Replication- Security Affairs

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek

• Jenkins Server Vulnerabilities Chained for Remote Code Execution  - SecurityWeek

Tools and Controls

• The LastPass Hack Somehow Gets Worse | WIRED

• 3 Ways Security Teams Can Use IP Data Context (darkreading.com)

• Two-Thirds of European Firms Have Started Zero Trust - Infosecurity Magazine (infosecurity-magazine.com)

• What is zero trust? A model for more effective security | CSO Online

• Too Many SOAR Vendors are Failing MSSPs - MSSP Alert

• Why enterprise SecOps strategies must include XDR and MDR | TechTarget

Other News

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Tracking device technology: A double-edged sword for CISOs | CSO Online

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• What CISOs need to understand about document signing - Help Net Security

• Thousands of websites hacked as part of redirection campaign- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Second Only To Climate Change As Biggest Global Risk

Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/

Businesses Unsure Which Tech Is Essential Against Ransomware

As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware

Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours

A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/

Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year

A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations.  https://www.theregister.com/2021/09/30/eset_threat_report/

Ransomware Attacks Up 1,070% Year Over Year

The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware.  https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/

Baby’s Death Alleged To Be Linked To Ransomware

A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.

https://threatpost.com/babys-death-linked-ransomware/175232/

Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach

Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed

More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic

Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

Cyber Attack Floors British Payroll Firm

A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay.  Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter

GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries

A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html

50% Of Servers Have Weak Security Long After Patches Are Released

Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released

Threats

Ransomware

• United Health Centres Reportedly Compromised By Ransomware Attack

• JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data

• Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms

• Ransomware Gangs Are Starting More Drama On Cyber Crime Forums, Upending 'Honor Among Thieves' Conventions

• Conti Ransomware Expands Ability To Blow Up Backups

• United Health Centers Reportedly Compromised By Ransomware Attack

• REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms

• The Biggest Problem With Ransomware Is Not Encryption, But Credentials

Phishing

• 75K Email Inboxes Hit in New Credential Phishing Campaign

• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

• LinkedIn URLs are being hijacked For phishing

Other Social Engineering

• Scammers Capitalize on Release of New Bond Movie

Malware

• FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

• Thousands Of Online Gaming Accounts Hit In Major Cyber Attack

• Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

• New Malware Steals Steam, Epic Games Store, And EA Origin Accounts

Vulnerabilities

• Google Emergency Update Fixes Two Chrome Zero Days

• Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence

• Apple AirTag Zero-Day Weaponizes Trackers

• New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

• Thousands of University Wi-Fi Networks Expose Log-In Credentials

• Exploit Released For VMware Vulnerability After CISA Warning

• Apple Pay Users ‘Vulnerable To Security Hack’

• Outsourced Software Poses Greater Risks to Enterprise Application Security

• Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

• Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws

• Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes

• Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras

Data Breaches/Leaks

• Mental Healthcare Providers Report Data Breaches

• Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik

• 3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

• Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot

Cryptocurrency/Cryptojacking

• Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail

• China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned

Insider Threats

• 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Dark Web

• Computer Scientist Jailed Over Dark Web Conspiracy

DoS/DDoS

• Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Nation State Actors

• APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated

• APT29 Targets Active Directory Federation Services With Stealthy Backdoor

• GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

• Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats

• APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated

Cloud

• Huawei Cloud Services: U.S. Lawmakers Express Security Concerns

• Cloud Security is the Weak Link

• Why CEOs Should Absolutely Concern Themselves With Cloud Security

• Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps

Privacy

• Which? Survey Finds People Would Actually Pay The Online Giants Not To Take Their Data

Reports Published in the Last Week

ESET Threat Report T2 2021

Other News

• Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets

• Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

• Cyber Security Experts Have Discovered A New Hacker Group

• The Return Of The Hacktivists

• Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes

• Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges

• US Deports Convicted Cyber Criminal to Russia

• OWASP Toasts 20th Anniversary With Revised Top 10 For 2021

• New Emergency Fraud Hotline Launched in UK

• Corporate Attack Surface Exploding As A Result Of Remote Work 

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.