Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Quarter of UK SMBs Hit by Ransomware in 2022

Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.

More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.

Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).

Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.

https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/

• Global Cyber Attack Volume Surges 38% in 2022

The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.

The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.

Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).

Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.

It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.

Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.

https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data

New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.

The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.

Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.

The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.

https://www.darkreading.com/vulnerabilities-threats/1-in-3-organizations-do-not-provide-any-cybersecurity-training-to-remote-workers-despite-a-majority-of-employees-having-access-to-critical-data

• AI-Generated Phishing Attacks Are Becoming More Convincing

It's time for you and your colleagues to become more sceptical about what you read.

That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.

Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:

• Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link

• Social opposition – social media messages designed to troll and harass individuals or to cause brand damage

• Social validation – social media messages designed to advertise or sell, or to legitimise a scam

• Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set

All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

• Customer and Employee Data the Top Prize for Hackers

The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.

The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.

Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.

The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.

It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.

https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/

• Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services

Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.

Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”

The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.

https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html

• The Guardian Confirms Personal Information Compromised in Ransomware Attack

British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.

The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.

Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.

They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.

“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.

The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.

https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack

• Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans

Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.

Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."

The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."

Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.

Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.

https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

• The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize

Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.

What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.

In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.

https://www.cnbc.com/2023/01/09/the-dark-webs-criminal-minds-see-iot-as-the-next-big-hacking-prize.html

• Corrupted File to Blame for Computer Glitch which Grounded Every US Flight

A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.

All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.

On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.

A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.

https://news.sky.com/story/all-flights-across-us-grounded-due-to-faa-computer-system-glitch-us-media-12784252

Threats

Ransomware, Extortion and Destructive Attacks

• Royal Mail unable to despatch items abroad after 'cyber incident' | UK News | Sky News

• Lorenz ransomware gang plants backdoors to use months later (bleepingcomputer.com)

• Quarter of UK SMBs Hit by Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Worldwide Ransomware Attacks Trend (informationsecuritybuzz.com)

• LastPass Faces Class-Action Lawsuit Over Password Vault Breach (pcmag.com)

• 10 of the biggest ransomware attacks of 2022 | TechTarget

• Rackspace: Ransomware actor accessed 27 customers' data | TechTarget

• Hackers demand £15 million ransom from Hull and Yorkshire schools after cyber attack - Hull Live (hulldailymail.co.uk)

• Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

• Risk & Repeat: Analysing the Rackspace ransomware attack | TechTarget

• Guardian confirms it was hit by ransomware attack | The Guardian | The Guardian

• Post-ransomware attack, The Guardian warns staff their personal data was accessed • Graham Cluley

• The Guardian Confirms Personal Information Compromised in Ransomware Attack | SecurityWeek.Com

• Royal Mail cyber attack linked to LockBit ransomware operation (bleepingcomputer.com)

• The Guardian Confirms UK Members' Data Was Accessed in Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Hive Ransomware leaked 550 GB stolen from Consulate Health Care - Security Affairs

• Iowa’s largest school district cancels classes after cyber attack (bleepingcomputer.com)

• Hackers leak sensitive files after attack on San Francisco transit police (nbcnews.com)

• Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)

• Ransomware attack at Hope Sentamu Learning Trust in York | York Press

Phishing & Email Based Attacks

• AI-generated phishing emails just got much more convincing • The Register

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• AI-generated phishing attacks are becoming more convincing | Tripwire

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

Malware

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• Dridex Malware Now Attacking macOS Systems with Novel Infection Method (thehackernews.com)

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (bleepingcomputer.com)

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (thehackernews.com)

• 6 PyPI Packages Detour Firewall Using Cloudflare Tunnels (informationsecuritybuzz.com)

• Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (bleepingcomputer.com)

• Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (bleepingcomputer.com)

• Gootkit Loader Actively Targets Australian Healthcare Industry (trendmicro.com)

• Raspberry Robin's botnet second life - SEKOIA.IO Blog

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• VLC media player is being hiajcked to send out malware | TechRadar

• RAT malware campaign tries to evade detection using polyglot files (bleepingcomputer.com)

• Italian Users Warned of Malware Attack Targeting Sensitive Information (thehackernews.com)

• Hackers push fake Pokemon NFT game to take over Windows devices (bleepingcomputer.com)

• How to protect yourself from bot-driven account fraud - Help Net Security

Mobile

• Android spyware strikes again targeting financial institutions and your money | Fox News

• Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica

• StrongPity hackers target Android users via trojanized Telegram app (bleepingcomputer.com)

• Threema claims encryption flaws never had a real-world impact (bleepingcomputer.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

Denial of Service/DoS/DDOS

• How to Defend Against any Type of DNS Attack | A10 Networks

• The most significant DDoS attacks in the past year - Help Net Security

• Multiple Danish Banks Disrupted By DDoS Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (thehackernews.com)

• Serbia Slammed With DDoS Attacks (darkreading.com)

Internet of Things – IoT

• The dark web's criminal minds see IoT as the next big hacking prize (cnbc.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• Hackers can trick Wi-Fi devices into draining their own batteries | New Scientist

Data Breaches/Leaks

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• 14 UK schools hit by cyber attack and documents leaked - BBC News

• Air France and KLM notify customers of account hacks (bleepingcomputer.com)

• Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans (darkreading.com)

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• 6 oversights that enable data breaches - Help Net Security

• CircleCI – code-building service suffers total credential compromise – Naked Security (sophos.com)

• Aflac's Japan says US partner leaked cancer customer info • The Register

• Data leak exposes information of 10,000 French social security beneficiaries | CSO Online

• Chick-fil-A investigates reports of hacked customer accounts (bleepingcomputer.com)

• Oxford University dating website for staff and students shut down after ‘huge data breach’ | News | The Times

• SolarWinds shareholders appeal Orion breach lawsuit to Delaware Supreme Court | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• JP Morgan must face suit over $272m cybertheft • The Register

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Russian Cyber Crew Targets Ukraine Financial Sector Via Infected USB Drives - MSSP Alert

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• European cops shut down fake crypto call centres • The Register

• Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL (thehackernews.com)

Fraud, Scams & Financial Crime

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• Nationwide warns ‘checking is important’ as thousands targeted in online scam | Personal Finance |

• How to protect yourself from bot-driven account fraud - Help Net Security

Insurance

• Insurance Co. Beazley Launches $45M 'Cyber Catastrophe Bond' (gizmodo.com)

• Insurer Beazley launches first catastrophe bond for cyber threats | Financial Times (ft.com)

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

• Pakistan tells government agencies to avoid the dark web • The Register

Software Supply Chain

• Software Supply Chain Security Needs a Bigger Picture (darkreading.com)

Cloud/SaaS

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• Top SaaS Cyber security Threats in 2023: Are You Ready? (thehackernews.com)

• Why Do User Permissions Matter for SaaS Security? (thehackernews.com)

Attack Surface Management

• Why the atomized network is growing, and how to protect it - Help Net Security

• Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security (darkreading.com)

Identity and Access Management

• 4 identity security trends to watch in 2023 - Help Net Security

Encryption

• RSA crypto cracked? Or perhaps not! – Naked Security (sophos.com)

• What is Triple DES and why is it being disallowed? | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• A fifth of passwords used by federal agency cracked in security audit | Ars Technica

• Why FIDO and passwordless authentication is the future - Help Net Security

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

Social Media

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

Training, Education and Awareness

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

Regulations, Fines and Legislation

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

Governance, Risk and Compliance

• US cyber security director: The tech ecosystem has ‘become really unsafe’ (yahoo.com)

• Global Cyber-Attack Volume Surges 38% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Customer and Employee Data the Top Prize for Hackers – Imperva - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

• Global Risks Report: Understand the risk landscape in 2023 and beyond - Help Net Security

• 6 oversights that enable data breaches - Help Net Security

• Why Analysing Past Incidents Helps Teams More Than Usual Security Metrics (darkreading.com)

• Cyber security spending and economic headwinds in 2023 | CSO Online

• How to Ensure Cyber Security Investments Remain a Priority Across Your Organisation (darkreading.com)

• Practical Risk Management - Beyond Certification (informationsecuritybuzz.com)

• Vulnerable software, low incident reporting raises risks | TechTarget

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

Careers, Working in Cyber and Information Security

• Cyber security staff are struggling. Here's how to support them better | ZDNET

Law Enforcement Action and Take Downs

• European cops shut down fake crypto call centres • The Register

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

Artificial Intelligence

• AI-generated phishing emails just got much more convincing • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

• How hackers might be exploiting ChatGPT | Cybernews

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• VALL-E AI can mimic a person’s voice from a 3-second snippet • The Register

• ChatGPT Artificial Intelligence: An Upcoming Cyber security Threat? (darkreading.com)

• Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (hackread.com)

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Trojan Puzzle attack trains AI assistants into suggesting malicious code (bleepingcomputer.com)

• The ChatGPT bot is causing panic now – but it’ll soon be as mundane a tool as Excel | John Naughton | The Guardian

• How hackers might be exploiting ChatGPT | Cybernews

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• How Elon Musk’s Starlink has changed warfare | The Economist

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – China

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – Iran

• Iran says it foiled cyber attack on central bank | Reuters

Nation State Actors – Misc

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

Vulnerability Management

Applications Five Years or Older Likely to have Security Flaws - Infosecurity Magazine (infosecurity-magazine.com)

Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)

70% of apps contain at least one security flaw after 5 years in production - Help Net Security

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

Does a hybrid model for vulnerability management make sense? • Graham Cluley

Vulnerabilities

• Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day | SecurityWeek.Com

• Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) - Help Net Security

• The Roadmap to Secure Access Service Edge (SASE) - MSSP Alert

• Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

• Chrome 109 Patches 17 Vulnerabilities | SecurityWeek.Com

• Cyber criminals bypass Windows security with driver-vulnerability exploit | CSO Online

• Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 - Security Affairs

• Adobe Plugs Security Holes in Acrobat, Reader Software | SecurityWeek.Com

• Zoom Patches High Risk Flaws on Windows, MacOS Platforms | SecurityWeek.Com

• Cisco warns of auth bypass bug with public exploit in EoL routers (bleepingcomputer.com)

• Swiss Threema messaging app found to have vulnerabilities • The Register

• Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability (thehackernews.com)

• Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica

• Critical bug in Cisco Small Business Routers will receive no patch - Security Affairs

• Severe Vulnerabilities Allow Hacking of Asus Gaming Router | SecurityWeek.Com

• JsonWebToken Security Bug Opens Servers to RCE (darkreading.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

Tools and Controls

• How to prevent and detect lateral movement attacks | TechTarget

• 65% of Organisations Plan to Adopt a Security Service Edge Platform in Next 2 Years: Axis Security (darkreading.com)

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

• What is Red Teaming & How it Benefits Orgs (trendmicro.com)

• Data Loss Prevention Capability Guide (informationsecuritybuzz.com)

• 4 key shifts in the breach and attack simulation (BAS) market - Help Net Security

• How to prioritize effectively with threat modeling • The Register

• XDR and the Age-old Problem of Alert Fatigue | SecurityWeek.Com

• 11 top XDR tools and how to evaluate them | CSO Online

• Why FIDO and passwordless authentication is the future - Help Net Security

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

• How to Defend Against any Type of DNS Attack | A10 Networks

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

Other News

• Better Include Physical Security With Cyber security | T&D World

• 6 oversights that enable data breaches - Help Net Security

• It’s official: Digital trust really matters to everyone online - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War

As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.

The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.

Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.

Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.

What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.

Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.

Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.

https://www.darkreading.com/edge-articles/amid-notpetya-fallout-cyber-insurers-define-state-sponsored-attacks-as-act-of-war

• Is Your Board Prepared For New Cyber Security Regulations?

Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.

Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.

Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.

Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.

In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.  In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”

The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:

• whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,

• the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,

• whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.

https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations

• Unwanted Emails Steadily Creeping into Inboxes

A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.

Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.

This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.

HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.

New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.

For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.

https://www.helpnetsecurity.com/2022/11/14/email-security-threats/

• People Are Still Using the Dumbest Passwords Available

If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.

Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.

Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.

NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”

NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.

https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818

• Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident

Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.

Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.

That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.

Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.

Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.

The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.

On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.

And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.

https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident

• 44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security

Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.

Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.

Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.

All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.

Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.

https://www.darkreading.com/cloud/44-of-financial-institutions-believe-their-own-it-teams-are-the-main-risk-to-cloud-security

• MFA Fatigue Attacks Are Putting Your Organisation at Risk

The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.

MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.

Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.

One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.

Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.

MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.

https://www.bleepingcomputer.com/news/security/mfa-fatigue-attacks-are-putting-your-organization-at-risk/

• Cyber Security Training Boosts Risk Posture, Research Finds

Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.

The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.

The study’s key findings include:

• 73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.

• 62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).

• 79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.

• 70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.

• Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.

• 67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.

• 53% invested in professional cyber security training due to a cyber security insurance audit.

• 48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.

• 41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.

Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.

https://www.msspalert.com/cybersecurity-research/cybersecurity-training-boosts-risk-posture-research-finds/

• MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’

Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.

Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.

The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.

Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.

McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.

Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.

https://www.theguardian.com/uk-news/2022/nov/16/mi5-chief-uk-will-have-to-tackle-russian-aggression-for-years-to-come

• Offboarding Processes Pose Security Risks as Job Turnover Increases: Report

Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.

Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.

Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.

Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.

However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.

https://www.computerworld.com/article/3680368/offboarding-processes-pose-security-risks-as-job-turnover-increases-report.html#tk.rss_news

• Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say

Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.

The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.

While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”

Here are some macro highlights from the survey:

• 40% of respondents rely on the third-party vendor or supplier to ensure adequate security.

• In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.

• Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.

• The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.

https://www.msspalert.com/cybersecurity-research/supply-chains-need-shoring-up-against-cyberattacks-c-suite-executives-say/

• Do Companies Need Cyber Insurance?

Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.

Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.

This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.

A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.

Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.

Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.

https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance

Threats

Ransomware and Extortion

• Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future

• Ransomware is a global problem that needs a global solution | TechCrunch

• FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)

• The psychological fallout of a ransomware crisis - Help Net Security

• New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)

• Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com

• Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com

• Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)

• DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog

• Transportation sector targeted by both ransomware and APTs - Help Net Security

• Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)

• Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru

• Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security

• Australia to ‘stand up and punch back’ against cyber crims • The Register

• LockBit ransomware activity nose-dived in October (techtarget.com)

• Medibank data breach update: Details of almost 1000 employees also included in cyber attack (9news.com.au)

• How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian

• Australia is considering a ban on cyber ransom payments, but it could backfire. Here's another idea (theconversation.com)

• Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)

• Vanuatu: Hackers strand Pacific island government for over a week - BBC News

• Cape Town scrambles after cyber attacks (iol.co.za)

• Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com

• Two public schools in Michigan hit by a ransomware attack - Security Affairs

• Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)

Phishing & Email Based Attacks

• Top enterprise email threats and how to counter them - Help Net Security

• China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz

• Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)

• Instagram Credential Phishing Attacks Bypass Microsoft Email Security, Target Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• More Than Half of Black Friday Spam Emails Are Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

Malware

• Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)

• QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)

• Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)

• Study: Almost 50% of macOS malware only comes from one app - Neowin

• Notorious Emotet botnet returns after a few months off • The Register

• Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)

• Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com

• LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)

• New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

• Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)

• North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor (thehackernews.com)

• Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com

Mobile

• Android malware: A million people downloaded these malicious apps before they were finally removed from Google Play | ZDNET

Internet of Things – IoT

• Shocker: EV charging infrastructure is seriously insecure • The Register

• Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com

Data Breaches/Leaks

• Police published sexual assault victims' names and addresses on its website (bitdefender.com)

• Here’s How Bad a Twitter Mega-Breach Would Be | WIRED

• Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com

• Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)

• Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)

• 'Three quarters' of retail Bitcoin investors are in the red • The Register

Insider Risk and Insider Threats

• Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts (thehackernews.com)

• Meta Employees Were Fired for Selling Account Info to Hackers (gizmodo.com)

Fraud, Scams & Financial Crime

• Massive adware campaign spoofs top brands to trick users | TechRadar

• More Than Half of Black Friday Spam Emails Are Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)

• UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)

• How scammers are now exploiting cashless parking (telegraph.co.uk)

• Experts Advice On International Fraud Awareness Week - Information Security Buzz

• Theranos fraudster Elizabeth Holmes jailed for conning investors over multibillion-dollar blood-testing scam | US News | Sky News

• Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)

Impersonation Attacks

• 42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)

• Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)

Dark Web

• Andy Greenberg on how 'Tracers in the Dark' found the dark web's worst criminals - CyberScoop

Supply Chain and Third Parties

• Where Can Third-Party Governance and Risk Management Take Us? (darkreading.com)

Software Supply Chain

• The Next Generation of Supply Chain Attacks Is Here to Stay (darkreading.com)

Denial of Service DoS/DDoS

• 2022 holiday DDoS protection guide - Microsoft Security Blog

• Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)

Cloud/SaaS

• Cloud data protection trends you need to be aware of - Help Net Security

• Cyber security implications of using public cloud platforms - Help Net Security

• Evolving Security for Government Multiclouds (darkreading.com)

Encryption

• Why companies can no longer hide keys under the doormat - Help Net Security

• Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)

Open Source

• It's official - open source software has never been more important | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

• Top passwords used in RDP brute-force attacks - Help Net Security

Social Media

• Advertising giant warns clients to stay off Twitter (telegraph.co.uk)

• It’s time. Delete your Twitter DMs • Graham Cluley

• Stop using Twitter to log in to other websites | ZDNET

• Instagram Credential Phishing Attacks Bypass Microsoft Email Security, Target Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica

• Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)

• Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts (thehackernews.com)

• FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop

• Here’s How Bad a Twitter Mega-Breach Would Be | WIRED

• Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• Electronics repair technicians snoop on your data - Help Net Security

• Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)

• Security firms hijack New York trees to monitor workers • The Register

Governance, Risk and Compliance

• Have board directors any liability for a cyber attack against their company? - Security Affairs

• Data sovereignty and compliance need help • The Register

Careers, Working in Cyber and Information Security

• Cyber security jobs: Five ways to help you build your career | ZDNET

• The Future of Cyber security Recruiting: Lessons on What Employers Want and What Students Need (darkreading.com)

• Google cloud wants CISOs to do more about diversity • The Register

• Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News

Law Enforcement Action and Take Downs

• Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)

• Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)

• Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)

• Chinese Spy Gets 20 Years for Aviation Espionage Plot - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security

• Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz

• Avast details Worok espionage group's compromise chain - Security Affairs

• New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders (thehackernews.com)

• 'Even if we go into nuclear winter, I know I tried to help': A volunteer hacker on waging cyber war | Euronews

• Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop

• Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)

• Europe’s spyware scandal is a global wakeup call. (slate.com)

• Internal Documents Show How Close the F.B.I. Came to Deploying Spyware - The New York Times (nytimes.com)

• Koch-funded group sues US state over mobile 'spyware' • The Register

Nation State Actors

Nation State Actors – Russia

• UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz

• EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters

• Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News

• Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)

Nation State Actors – China

• China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)

• FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop

• Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com

• Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs

• Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)

• Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)

• State-sponsored hackers in China compromise certificate authority | Ars Technica

• Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)

• Reports of Chinese police stations in US worry FBI - BBC News

Nation State Actors – North Korea

• North Korean hackers target European orgs with updated malware (bleepingcomputer.com)

• North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor (thehackernews.com)

Nation State Actors – Iran

• US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)

• CISA: Iranian APT actors compromised federal network (techtarget.com)

• US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com

Nation State Actors – Misc

• State-Backed APT Group Activity Continuing Apace - Infosecurity Magazine (infosecurity-magazine.com)

• The challenges of tracking APT attacks - Help Net Security

Vulnerability Management

• Misconfigurations, Vulnerabilities Found in 95% of Applications (darkreading.com)

Vulnerabilities

• Microsoft Office lets hackers execute arbitrary code, update now | TechRadar

• Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)

• All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig (portswigger.net)

• Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)

• F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)

• Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com

• Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com

• Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products (thehackernews.com)

• Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)

• Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)

• Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)

• High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)

Tools and Controls

• XDR: Still confusing after all these years | CSO Online

• What is an External Penetration Test? (thehackernews.com)

• MITRE Engenuity Launches Evaluations for Security Service Providers (darkreading.com)

• How Routine Pen Testing Can Reveal the Unseen Flaws in Your Cyber security Posture (darkreading.com)

• How Browser Innovations Are Taking On New Cyber Threats | WIRED UK

Reports Published in the Last Week

• 2022 Global Threat Report | Elastic

• Cyber Risk Index 1H'22 Snapshot (trendmicro.com)

Other News

• Cyber security Industry Must Maintain Public Faith in Technology, Says NCSC Founder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com

• The 4 horsemen of the cyber security apocalypse | Security Magazine

• The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert

• Build a mature approach for better cyber security vendor evaluation | CSO Online

• Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online

• Global 2000 companies failing to adopt key domain security measures | CSO Online

• Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert

• Majority of Companies Reduce Cyber security Staff Over Holidays - Infosecurity Magazine (infosecurity-magazine.com)

• Over 12,000 Cyber Incidents at US DoD Since 2015, But Incident Management Still Lacking | SecurityWeek.Com

• Repair technicians caught snooping on customer data • The Register

• Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert

• 'No guns, no guards, no gates.' NSA opens up to outsiders in fight for cyber security (cyberscoop.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack

Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”

“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.

The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.

However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.

Around 100 insurance syndicates operate at Lloyd's.

Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”

https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/

• Former Uber Security Chief Convicted of Covering Up Data Breach

Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.

The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.

Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.

Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.

Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.

https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9

• First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos

Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.

A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.

Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.

"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."

The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.

https://www.darkreading.com/attacks-breaches/incident-response-s-first-72-hours-critical-to-taming-chaos

• Email Defences Under Siege: Phishing Attacks Dramatically Improve

This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.

Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.

As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.

The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.

"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."

Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.

https://www.darkreading.com/remote-workforce/email-defenses-under-siege-phishing-attacks-dramatically-improve

• Remote Services Are Becoming an Attractive Target for Ransomware

Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.

A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.

In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.

Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.

All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.

https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware

• Growing Reliance on Cloud Brings New Security Challenges

There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.

Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.

Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.

In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.

On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.

https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges

• Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.

Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.

“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.

The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.

https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/

• Ransomware Group Bypasses "Enormous" Range of EDR Tools

A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.

BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.

The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.

“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”

BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”

https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/

• MS Exchange Zero-Days: The Calm Before the Storm?

Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.

Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.

The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”

Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub

https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/

• Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.

For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.

One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.

Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.

“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”

https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/

• Secureworks Finds Network Intruders See Little Resistance

Attackers who break into networks only need to take a few basic measures in order to avoid detection.

Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.

"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."

Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.

https://www.techtarget.com/searchsecurity/news/252525696/Secureworks-finds-network-intruders-see-little-resistance

• Regulations, Laws and Accountability are Changing the Cyber Security Landscape

As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.

Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.

The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.

In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.

One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.

In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?

https://www.msspalert.com/cybersecurity-guests/regulations-laws-and-accountability-are-changing-the-cybersecurity-landscape/

• This Year’s Biggest Cyber Threats

OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.

Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.

“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.

“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”

While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.

https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/

Threats

Ransomware and Extortion

• Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert

• Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET

• Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)

• Ferrari Hit By Ransomware Attack: 7 GB Of Data Published Online – Expert (informationsecuritybuzz.com)

• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (thehackernews.com)

• BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)

• Ransomware attacks ravage schools, municipal governments (techtarget.com)

• Ransomware 3.0: The Next Frontier (darkreading.com)

• More and more ransomware is just data theft, no encryption • The Register

• Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)

• Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs

• ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)

• Avast releases a free decryptor for some Hades ransomware variants - Security Affairs

• Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)

• How Ransomware Is Causing Chaos in American Schools (vice.com)

• Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian

BEC – Business Email Compromise

• BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)

• Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg

Phishing & Email Based Attacks

• Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks (thehackernews.com)

• Phishing Campaigns Target KFC, McDonald's in Saudi Arabia, UAE, Singapore - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)

• 3 ways enterprises can mitigate social engineering risks - Help Net Security

Malware

• OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert

• This devious malware is able to disable your antivirus | TechRadar

• Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)

• Eternity Group Hackers Offering New LilithBot Malware-as-a-Service to Cyber criminals (thehackernews.com)

• Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)

• NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)

• Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs

Mobile

• Android Spyware 'RatMilad' Targets Enterprise Devices in Iran - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 7 IoT Devices That Make Security Pros Cringe (darkreading.com)

• Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)

• Acronis founder is afraid of his own vacuum cleaner • The Register

Data Breaches/Leaks

• “Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs

• No Shangri-La for you: Top hotel chain confirms data leak • The Register

• Home Office reprimanded after sensitive counter-terror documents left at London venue | The Independent

• NSA: Someone hacked military contractor and stole data • The Register

• City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)

• Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com

• Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)

• 2K warns users their info has been stolen following breach of its help desk | Ars Technica

• Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)

• Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

• Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

Insider Risk and Insider Threats

• Why Don't CISOs Trust Their Employees? (darkreading.com)

• Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)

• To avoid insider threats, try empathy - Help Net Security

• Microsoft publishes report on holistic insider risk management - Microsoft Security Blog

• Unearth offboarding risks before your employees say goodbye - Help Net Security

• Splunk alleges source code theft by former employee • The Register

• Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)

Fraud, Scams & Financial Crime

• ICO Fines Four "Predatory" Privacy-Invading Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers Feel Hopeless in Protecting Themselves Against Cyber crime, ISACA Reports - MSSP Alert

• BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)

• Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg

• Russians dodging mobilization behind flourishing scam market (bleepingcomputer.com)

• Scammers and rogue callers – can anything ever stop them? – Naked Security (sophos.com)

• Healthcare Company Owners Get Jail Time for $7m Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Online romance scam boss netted $9.5m, jailed for 25 years • The Register

Deepfakes

• How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart • Graham Cluley

Supply Chain and Third Parties

• Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)

• Supply Chain Attack Targets Customer Engagement Firm Comm100 | SecurityWeek.Com

Denial of Service DoS/DDoS

• DDoS Attacks Spike in First Half of 2022 to Highest Levels in Four Years - MSSP Alert

Cloud/SaaS

• How Will the Metaverse Affect Cloud Security? (trendmicro.com)

• Hardening data security in the cloud • The Register

• Monitoring Your Cloud And Hybrid IT Infrastructure: How To Find The Right Monitoring Solution (informationsecuritybuzz.com)

Encryption

• Loads of connected PostgreSQL systems do not use SSL • The Register

API

• More Than 30% of All Malicious Attacks Target Shadow APIs (darkreading.com)

• APIs are quickly becoming the most popular attack vector - Help Net Security

• The Problem of API Security and How To Fix It (informationsecuritybuzz.com)

• API authentication failures demonstrate the need for zero trust - Help Net Security

• Shadow APIs hit with 5 billion malicious requests - Help Net Security

Open Source

• When transparency is also obscurity: The conundrum that is open-source security - Help Net Security

• How Secure is Using Open Source Components? - IT Security Guru

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft warns Basic Auth users over password spray attacks • The Register

• Is mandatory password expiration helping or hurting your password security? - Help Net Security

• Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog

• Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year | WIRED

Privacy, Surveillance and Mass Monitoring

• The gap between security and privacy, and what it will take to bridge it - Help Net Security

• ICO Fines Four "Predatory" Privacy-Invading Firms - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• New Telecoms Security Framework Comes Into Force (informationsecuritybuzz.com)

Models, Frameworks and Standards

• CIS Controls v8: Safeguards to mitigate the most prevalent cyber-attacks - Help Net Security

Secure Disposal

• The astronomical costs of an asset disposal program gone wrong | CSO Online

• New forensic analysis of electronical devices unveils dangers of inadequate data disposal for individuals and businesses - Business in the News

Backup and Recovery

• Giving Away the Keys to Your Backups? Here’s How to Keep Out Hackers (darkreading.com)

Law Enforcement Action and Take Downs

• Police arrest teen for using leaked Optus data to extort victims (bleepingcomputer.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Relentless Russian Cyber attacks on Ukraine Raise Important Policy Questions (darkreading.com)

• Finnish intelligence warns of Russia's cyber espionage activities - Security Affairs

• Kazakhstan Pins Wave Of Cyber attacks On Foreign Actors | OilPrice.com

• Albania weighed invoking NATO’s Article 5 over Iranian cyber attack - POLITICO

• Russian Hackers Take Aim at Kremlin Targets: Report - Infosecurity Magazine (infosecurity-magazine.com)

• We breached Russian satellite network, say pro-Ukraine partisans | Cybernews

• Ukrainian forces report Starlink outages during push against Russia | Financial Times (ft.com)

• Android Spyware 'RatMilad' Targets Enterprise Devices in Iran - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Mexico Continued to Use Spyware Against Activists | SecurityWeek.Com

Nation State Actors

Nation State Actors – China

• US authorities name China's 20 favourite vulns to exploit • The Register

• Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs

Nation State Actors – North Korea

• Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs

Vulnerability Management

• CISA mandates vulnerability detection and reporting rules • The Register

• The Zero Day Dilemma | SecurityWeek.Com

Vulnerabilities

• Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities (thehackernews.com)

• Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com)

• Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products | SecurityWeek.Com

• Atlassian, Microsoft bugs make CISA’s must-patch list • The Register

• US authorities name China's 20 favourite vulns to exploit • The Register

• October 2022 Patch Tuesday forecast: Looking for treats, not more tricks - Help Net Security

• Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (bleepingcomputer.com)

• CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability | SecurityWeek.Com

• No fix in sight for mile-wide loophole plaguing a key Windows defence for years | Ars Technica

• Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (thehackernews.com)

• Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs

• Unpatched Zimbra flaw under attack is letting hackers backdoor servers | Ars Technica

• macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks (darkreading.com)

• Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com)

• VMware fixed a high-severity bug in vCenter Server - Security Affairs

• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (thehackernews.com)

Reports Published in the Last Week

• 2022 State of the Threat Report | Secureworks

• Building a Holistic Insider Risk Management Program

Other News

• Guilty verdict in the Uber breach case makes personal liability real for CISOs | CSO Online

• Cyber attackers view smaller organisations as easier targets - Help Net Security

• Moody's turns up the heat on 'riskiest' sectors for attacks • The Register

• 5 reasons why security operations are getting harder | CSO Online

• Former NSA Employee Faces Death Penalty for Selling Secrets (darkreading.com)

• Fast Company Is Back From the Dead After Being Hacked (gizmodo.com)

• Ready Or Not, Web 3 Is Coming And With It Comes Cybersquatting 2.0 (informationsecuritybuzz.com)

• Cyber Hygiene: 5 Best Practices for Company Buy-In (trendmicro.com)

• School Is in Session: 5 Lessons for Future Cyber Security Pros (darkreading.com)

• Want More Secure Software? Start Recognizing Security-Skilled Developers (thehackernews.com)

• Incident responders increasingly seek out mental health assistance - Help Net Security

• You Are Not Alone If You're Unclear About Extended Detection and Response (XDR) - MSSP Alert

• Why digital trust is the bedrock of business relationships - Help Net Security

• Incident Responders Driven by Sense of Duty, Handcuffed by Volume of Cyber attacks, IBM Reports - MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia

The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.

Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”

Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.

Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.

In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.

https://www.csoonline.com/article/3674871/ncsc-chief-warns-uk-organizations-ukraine-s-allies-of-possible-massive-cyberattacks-by-russia.html#tk.rss_news

• Cyber Criminals See Allure in BEC Attacks Over Ransomware

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.

BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.

Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.

Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.

The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.

For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.

https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware

• Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments

A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.

Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.

The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.

When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.

https://www.csoonline.com/article/3675535/most-hackers-need-5-hours-or-less-to-break-into-enterprise-environments.html#tk.rss_news

• Global Firms Deal with 51 Security Incidents Each Day

Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.

The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.

It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”

Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.

This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.

Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.

https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/

• Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.

The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.

The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.

But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.

https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter

• Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack

According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.

The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.

From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.

Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.

First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.

https://informationsecuritybuzz.com/study-research/why-paying-the-ransom-is-still-the-most-common-response-to-a-ransomware-attack/

• Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months

Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.

Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.

Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.

The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.

Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.

In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.

https://www.darkreading.com/attacks-breaches/ransomware-attacks-continue-increasing-20-of-all-reported-attacks-occurred-in-the-last-12-months---new-survey

• More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise

A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.

Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.

Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.

Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.

The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.

Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).

Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).

https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise

• How To Outsmart Increasingly Complex Cyber Attacks

Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.

Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now. 

Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate. 

https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/

• Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks

Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.

While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.

“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”

Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.

“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”

As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.

https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/

• Cyber Threats Top Business Leaders' Biggest Concerns

Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.

This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.

The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.

However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.

Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.

Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.

Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.

https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/

• Fired Admin Cripples Former Employer's Network Using Old Credentials

After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.

Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.

To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.

Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.

While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.

https://www.bleepingcomputer.com/news/security/fired-admin-cripples-former-employers-network-using-old-credentials/

Threats

Ransomware and Extortion

• Ransomware data theft tool may show a shift in extortion tactics (bleepingcomputer.com)

• The various ways ransomware impacts your organization - Help Net Security

• New Royal Ransomware emerges in multi-million dollar attacks (bleepingcomputer.com)

• Research: 20% of All Reported Ransomware Attacks Occurred in the Last 12 Months - MSSP Alert

• BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (thehackernews.com)

• Noberus ransomware gets info-stealing upgrades • The Register

• Personal Data Of Duchess Of York, Clarkson And Attenborough Leaked In Ransomware Attack On Luxury Company (informationsecuritybuzz.com)

• SQL Server admins warned to watch for Fargo ransomware • The Register

• BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (darkreading.com)

• 'Disgruntled insider' shared REvil information with researchers, helped law enforcement (cyberscoop.com)

• Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (bleepingcomputer.com)

• NCC Group: IceFire ransomware gang ramping up attacks (techtarget.com)

• MS SQL servers are getting hacked to deliver ransomware to orgs - Help Net Security

• TAP Air Portugal confirms hack, as Ragnar Locker gang leaks data - including that of Portuguese president (bitdefender.com)

• ‘The Ransomware Hunting Team’: Book Excerpt (nymag.com)

• Hackers Leak French Hospital Patient Data in Ransom Fight | SecurityWeek.Com

• Oxford Health: Cyber attack continues to hit NHS trust's services - BBC News

• LA School District Ransomware Attackers Now Threaten to Leak Stolen Data (darkreading.com)

Phishing & Email Based Attacks

• Phishing activity exploded in Q2 2022 - Help Net Security

• Fake US govt job offers push Cobalt Strike in phishing attacks (bleepingcomputer.com)

• Germany arrests hacker for stealing €4 million via phishing attacks (bleepingcomputer.com)

• Capital One Phish Showcases Growing Bank-Brand Targeting Trend (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• How cyber criminals use public online and offline data to target employees | CSO Online

• Beware Revolut frozen card scams sent via SMS text • Graham Cluley

• IRS warns Americans of massive rise in SMS phishing attacks (bleepingcomputer.com)

Malware

• Office exploits continue to spread more than any other category of malware - Help Net Security

• This credit card-stealing malware is spreading like wildfire | Digital Trends

• VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere | CISA

• Hacking group hides backdoor malware inside Windows logo image (bleepingcomputer.com)

• Hackers now sharing cracked Brute Ratel post-exploitation kit online (bleepingcomputer.com)

• Cobalt Strike malware campaign targets job seekers (techtarget.com)

• New Botnet 'Chaos' Targeting Linux, Windows Systems (informationsecuritybuzz.com)

• Malware targets VMware users for espionage, Mandiant says • The Register

• Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)

• Microsoft Sway Pages Weaponized to Perform Phishing and Malware Delivery - Infosecurity Magazine (infosecurity-magazine.com)

• Quantum Builder tool helps criminals spread Windows RATs • The Register

• Unit 42 finds polyglot files delivering IcedID malware (techtarget.com)

• Hackers use PowerPoint files for 'mouseover' malware delivery (bleepingcomputer.com)

• Does AI-powered malware exist in the wild? Not yet (techtarget.com)

• Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT - Infosecurity Magazine (infosecurity-magazine.com)

• New Erbium password-stealing malware spreads as game cracks, cheats (bleepingcomputer.com)

• Lazarus APT continues to target job seekers with macOS malware - Security Affairs

• Hackers Use NullMixer and SEO to Spread Malware More Efficiently - Infosecurity Magazine (infosecurity-magazine.com)

• APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs

Mobile

• WhatsApp 0-Day Bug Let Hackers Execute an Arbitary Code Remotely (gbhackers.com)

• Adware on Google Play and Apple Store installed 13 million times (bleepingcomputer.com)

• Samsung facing class action suit after customer data leak • The Register

• Inside a cyber attack method that targets your cellphone - The Washington Post

Internet of Things – IoT

• Embedded IoT security threats and challenges - Help Net Security

• Manufacturers Failing to Address Cyber security Vulnerabilities Liable Under New European Rules - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• Watchfinder warns customers that hackers stole their data • Graham Cluley

• Samsung Fails Consumers in Preventable Back-to-Back Data Breaches, According to Federal Lawsuit (darkreading.com)

• Shangri-La hotels Customer Database Hacked | SecurityWeek.Com

• Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (thehackernews.com)

• Australia government wants Optus to pay for data breach | ZDNET

Organised Crime & Criminal Actors

• Ukraine Arrests Cyber Crime Group for Selling Data of 30 Million Accounts (thehackernews.com)

• Middle-class migrant trap as traffickers lure white collar workers into bogus overseas jobs (telegraph.co.uk)

• New hacking group ‘Metador’ lurking in ISP networks for months (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Scams targeting crypto enthusiasts are becoming increasingly common - Help Net Security

• Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)

• Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber sleuth alleges $160M Wintermute hack was an inside job (cointelegraph.com)

• Crypto-Thieves Cost Victims 53 Times What They Make - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing Cryptocurrency Cyber Extortion (trendmicro.com)

Insider Risk and Insider Threats

• Recent cases highlight need for insider threat awareness and action | CSO Online

Fraud, Scams & Financial Crime

• Online fraudsters adapt tactics to exploit UK cost of living crisis | UK cost of living crisis | The Guardian

• Identities Stolen From 1 In 4 Internet Users (informationsecuritybuzz.com)

• Fake Sites Siphon Millions of Dollars in 3-Year Scam (darkreading.com)

• Man jailed over involvement in identity theft syndicate that laundered millions of dollars | Crime - Australia | The Guardian

• Here’s how crooks are using deepfakes to scam your biz • The Register

Deepfakes

• Reshaping the Threat Landscape: Deepfake Cyber attacks Are Here (darkreading.com)

• The deepfake danger: When it wasn’t you on that Zoom call | CSO Online

Software Supply Chain

• With the Software Supply Chain, You Can't Secure What You Don't Measure (darkreading.com)

Denial of Service DoS/DDoS

• DDoS Threat Intelligence Report: More Than 6 Million Cyber attacks in First Half of 2022 - MSSP Alert

• Hackers are making DDoS attacks sneakier and harder to protect against | ZDNET

• UK's MI5 website briefly hit by denial of service attack - BBC | Reuters

• Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)

Cloud/SaaS

• Cloud security trends: What makes cloud infrastructure vulnerable to threats? - Help Net Security

• 81% of Companies Suffered A Cloud Security Incident Last Year – (informationsecuritybuzz.com)

• What Lurks in the Shadows of Cloud Security? (darkreading.com)

• The current state of cloud security - Help Net Security

Open Source

• Open source projects under attack, with enterprises as the ultimate targets - Help Net Security

• Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)

• Numerous orgs hacked after installing weaponized open source apps | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• The Country Where You Live Impacts Password Choices (darkreading.com)

• Five Steps to Mitigate the Risk of Credential Exposure (thehackernews.com)

Social Media

• Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security

• Fake Accounts Are Not Your Friends! (darkreading.com)

• Ofcom chair says tech firms must prioritise safety alongside clicks | Ofcom | The Guardian

• UK may fine TikTok $29 million for failing to protect children's privacy | Reuters

Training, Education and Awareness

• Time to Change Flawed Approach to Security Awareness (darkreading.com)

Parental Controls and Child Safety

• TikTok could face £27m fine for failing to protect children’s privacy | TikTok | The Guardian

Regulations, Fines and Legislation

• Australia flags privacy overhaul after huge cyber attack on Optus | Reuters

Models, Frameworks and Standards

• 10 PCI DSS best practices to weigh as new standard rolls out (techtarget.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows | SecurityWeek.Com

• Russia prepares massive cyber attacks on the critical infrastructure of Ukraine and its allies - Security Affairs

• State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organisations (thehackernews.com)

• NCSC: UK Organisations Can Learn from Ukraine’s Impressive Cyber Defences - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China (thehackernews.com)

• Mystery hackers are “hyperjacking” targets for insidious spying | Ars Technica

• Cyber espionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online

• Taiwanese citizens prepare for possible cyber war (axios.com)

• Malware targets VMware users for espionage, Mandiant says • The Register

• Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange (darkreading.com)

• Can Kaspersky survive the Ukraine war? - CyberScoop

Nation State Actors

Nation State Actors – Russia

• Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (thehackernews.com)

• APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs

• Meta dismantles massive Russian network spoofing Western news sites (bleepingcomputer.com)

Nation State Actors – China

• Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com

• China’s infosec researchers may have dodged vuln report ban` • The Register

Nation State Actors – North Korea

• Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings (darkreading.com)

• Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)

• Lazarus APT continues to target job seekers with macOS malware - Security Affairs

• Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)

Nation State Actors – Iran

• 'Our Conflict With Iran Is Unparalleled', Say Israel's Elite Cyber Unit Commanders - Israel News - Haaretz.com

• OpIran:Anonymous declares war on Iran amid Mahsa Amini’s death - Security Affairs

Nation State Actors – Misc

• Hunting for Unsigned DLLs to Find APTs (paloaltonetworks.com)

Vulnerabilities

• Exchange Server zero-day being actively exploited • The Register

• Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet (darkreading.com)

• Cisco Patches High-Severity Vulnerabilities in Networking Software | SecurityWeek.Com

• Sophos fixes critical code injection bug under exploit • The Register

• Zoho ManageEngine flaw is actively exploited, CISA warns | CSO Online

• Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)

• Google Quashes 5 High-Severity Bugs With Chrome 106 Update (darkreading.com)

• Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (thehackernews.com)

• Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws | WIRED

Reports Published in the Last Week

• 2022 State of Bot Mitigation Report: Growing Majority of Companies (69%) (informationsecuritybuzz.com)

Other News

• High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks | SecurityWeek.Com

• Poll Of IT Security Pros Suggests Gaps In UK Cyber Defence (informationsecuritybuzz.com)

• Why Organisations Need Both EDR and NDR for Complete Network Protection (thehackernews.com)

• Lessons From the GitHub Cyber Security Breach (darkreading.com)

• Data security trends: 7 statistics you need to know - Help Net Security

• Why does a Legacy WAF Fail to “Catch” Sophisticated Attacks? (informationsecuritybuzz.com)

• Akamai finds 13 million malicious newly observed domains a month | SC Media (scmagazine.com)

• Opinion | The Uber Hack Exposes More Than Failed Data Security - The New York Times (nytimes.com)

• Cyber security Study Sees “Siloed” Security As Organisational Weak Spot - MSSP Alert

• The key differences between a business continuity plan and a disaster recovery plan - Help Net Security

• 3 types of attack paths in Microsoft Active Directory environments - Help Net Security

• 97% of enterprises say VPNs are prone to cyber attacks: Study | CSO Online

• Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why - IT Security Guru

• 65% of companies are considering adopting VPN alternatives - Help Net Security

• Spoofing cyber attack can make cameras see things that aren’t there | New Scientist

• Zero Trust is the Goal But Much Ground Yet to Cover, CompTIA Reports - MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.