Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 March 2024
Black Arrow Cyber Threat Intelligence Briefing 01 March 2024:
-Phishing, Smishing and Vishing Skyrocket 1,265%
-Business Email Compromise Attacks Are Evolving, But What Can Be Done About It
-Vulnerabilities Count Set to Rise by 25% in 2024
-BYOD Increases Mobile Phishing; Risks Have Never Been Higher
-Risk-based spending: An Imperative for Cyber Security That Demands Board Attention
-If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks
-Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business
-Why Governance, Risk and Compliance Must be Integrated with Cyber Security
-More and More UK Firms Concerned About Insider Threats
-98% of Businesses Linked to Breached Third Parties
-What Companies Should Know About Rising Legal Threats
-CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Risk-based spending: An Imperative for Cyber Security That Demands Board Attention
Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.
Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.
Sources: [Security Week] [The Hacker News] [Risk.net]
If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks
Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.
Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]
Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business
Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.
Sources: [Information Week] [Security Boulevard]
Why Governance, Risk and Compliance Must be Integrated with Cyber Security
With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.
Source: [CSO Online]
More and More UK Firms Concerned About Insider Threats
A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.
Source: [Infosecurity Magazine]
98% of Businesses Linked to Breached Third Parties
A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.
Source: [Help Net Security]
Phishing, Smishing and Vishing Skyrocket 1,265%
According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.
A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.
Source: [Bleeping Computer] [Help Net Security] [Security Affairs]
Business Email Compromise Attacks Are Evolving, But What Can Be Done About It
Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.
Source: [ITPro]
Vulnerabilities Count Set to Rise by 25% in 2024
The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.
Source: [Help Net Security]
BYOD Increases Mobile Phishing; Risks Have Never Been Higher
The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.
Source: [MSSP Alert]
What Companies Should Know About Rising Legal Threats
The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.
Source: [Darkreading]
CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments
As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.
This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.
Sources: [CyberScoop] [CIO]
Governance, Risk and Compliance
Why governance, risk, and compliance must be integrated with cyber security | CSO Online
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)
Beating the drum on cyber risk: the battle for boardroom attention - Risk.net
What is cyber hygiene and why businesses should know about it - Security Boulevard
Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard
What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)
Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)
Essential Guide To Information Security Compliance (informationsecuritybuzz.com)
Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)
The CISO: 2024’s Most Important C-Suite Officer (forbes.com)
UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)
Cyber security 'blind spot' leaves businesses exposed - Accountancy Age
Building Your Cyber Incident Response Team - Security Boulevard
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
AWS on why CISOs should track 'the metric of no' | TechTarget
2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)
What CISOs Need To Know About The Lockbit Takedown - Security Boulevard
Ransomware crews lean into infostealers for initial access • The Register
78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg
Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)
What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future
3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)
What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)
Cyber criminals follow the money to hit manufacturing sector • The Register
Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)
Ransomware Victims
Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED
LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week
Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)
Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)
Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)
Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie
Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)
German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week
US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)
MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)
Phishing & Email Based Attacks
European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar
Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)
Unmasking 2024's Email Security Landscape (securityaffairs.com)
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot
Other Social Engineering
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
How to stay safe from cyber criminal "quishing" attacks | TechRadar
Artificial Intelligence
Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune
AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
AI in cyber security presents a complex duality - Help Net Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
BEAST AI attack can break LLM guardrails in a minute • The Register
2FA/MFA
Malware
Ransomware crews lean into infostealers for initial access • The Register
BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)
North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica
Pikabot returns with new tricks up its sleeve - Help Net Security
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Cloud-focused malware campaigns on the increase (betanews.com)
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)
Mobile
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)
Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
U-Haul says 67K customers' data was stolen in cyber attack • The Register
Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar
Organised Crime & Criminal Actors
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)
It’s only February and cyber crime is already running rampant (techinformed.com)
Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)
How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Insider Risk and Insider Threats
Are remote workers at greater risk of cyber security threats? | TechRadar
Understanding employees' motivations behind risky actions - Help Net Security
The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)
Insurance
Supply Chain and Third Parties
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
98% of businesses linked to breached third parties - Help Net Security
Cloud/SaaS
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert
Cloud-focused malware campaigns on the increase (betanews.com)
Identity and Access Management
How organisations can navigate identity security risks in 2024 - Help Net Security
Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
Meta Patches Facebook Account Takeover Vulnerability - Security Week
Malvertising
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)
Training, Education and Awareness
Cyber awareness education is a change-management initiative | CSO Online
Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)
4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)
Creating a cyber security training curriculum for SMBs and MSPs | TechRadar
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Regulations, Fines and Legislation
81% of security leaders predict SEC rules will impact their businesses | Security Magazine
Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)
Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Backup and Recovery
Models, Frameworks and Standards
NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert
Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)
Data Protection
UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
A Perfect Cyber Storm is Leading to Burnout | Network Computing
The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)
Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard
Law Enforcement Action and Take Downs
Is the LockBit gang resuming its operation? (securityaffairs.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review
Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)
The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED
Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
Russia may have just carried out its first direct action against the West (yahoo.com)
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)
Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)
Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Iran
North Korea
Vulnerability Management
Vulnerabilities
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)
Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week
Meta Patches Facebook Account Takeover Vulnerability - Security Week
MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)
Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)
Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop
Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)
Tools and Controls
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Cyber awareness education is a change-management initiative | CSO Online
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard
APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)
How organisations can navigate identity security risks in 2024 - Help Net Security
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week
Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)
Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)
Other News
Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)
IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)
It's time to stop trusting your antivirus software | Digital Trends
Three new advanced threat groups targeted industrial organisations last year | CSO Online
What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard
Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)
Why Health Care Is Top Target for Cyber Criminals (govtech.com)
RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 December 2023
Black Arrow Cyber Threat Intelligence Briefing 08 December 2023:
-Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
-Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says Government
-NCSC CTO Cyber Security is Essential, Not Optional
-69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
-75% of Sports Related Passwords are Reused Across Accounts
-Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
-Ransomware, Vendor Hacks Push Breach Number to Record High
-Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
-Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
-US Government Agency Was Hacked Thanks to 'End of Life' Software
-Digital Transformation, Security Implications, and their Effects on The Modern Workplace
-Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
-Report Reveals Sorry State of Cyber Security at UK Football Clubs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.
When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.
Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]
Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government
The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.
Sources: [BBC News] [ Security Affairs]
NCSC CTO: Cyber Security is Essential, Not Optional
Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.
The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.
Sources: [Infosecurity Magazine] [Dark Reading]
69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.
A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.
Sources: [ITPro] [Beta News] [Security Magazine]
75% of Sports Related Passwords are Reused Across Accounts
According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.
Sources: [Security Magazine] [Help Net Security]
Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.
Sources: [Barrons] [Help Net Security] [Computer Weekly]
Ransomware, Vendor Hacks Push Breach Number to Record High
The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.
Source: [Info Risk Today]
Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.
Sources: [Emerging Risks]
Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.
Source: [Property Industry Eye]
US Government Agency Was Hacked Thanks to 'End of Life' Software
The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.
Source:[ TechCrunch]
Digital Transformation, Security Implications, and their Effects on The Modern Workplace
The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.
Source:[ Forbes]
Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.
Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.
Sources: [Help Net Security]
Report Reveals Sorry State of Cyber Security at UK Football Clubs
A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.
Source: [Computer Weekly]
Governance, Risk and Compliance
A fifth of UK businesses victims of cyber attacks in past year - Insurance Age
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
Digital Transformation And Its Effects On The Modern Workplace (forbes.com)
UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)
Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar
Cyber and remote working: How Covid moved the cursor | Computer Weekly
Why effective cyber security is more important than ever for European family offices | Campden FB
Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal
Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)
Threats
Ransomware, Extortion and Destructive Attacks
69% of organisations facing ransomware attacks paid the ransom | Security Magazine
2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly
Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)
Ransomware attack costs are driving up inflation in the UK | ITPro
Ransomware ramped up against private sector in November | TechTarget
BlackCat threatens to directly extort vendor's customers • The Register
New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)
How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
Expert warns of Turtle macOS ransomware (securityaffairs.com)
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)
Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)
LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Ransomware Victims
60 US credit unions offline after cloud ransomware infection • The Register
'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)
Western Isles Council 'counting cost' of November's cyber attack - BBC News
Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)
Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media
Phishing & Email Based Attacks
Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)
US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)
Booking.com users angry at firm's response to hacks - BBC News
Hershey warns of data breach following phishing attack (therecord.media)
This huge Russian phishing campaign is hitting targets across the world | TechRadar
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Exploring the impact of generative AI in the 2024 presidential election - Help Net Security
Put guardrails around AI use to protect your org, but be open to changes - Help Net Security
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security
Malware
Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)
Mac users are being targeted again with dangerous malware - here's what to know | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)
Hackers switch from email attacks to downloads (therecord.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Mobile
Android users warned about new threat after one victim loses $280K - PhoneArena
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek
Top mobile password managers could be exposing user details | TechRadar
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)
Data Breaches/Leaks
23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)
23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Data breach debacle hits yet another UK public sector org • The Register
Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)
Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)
Hershey warns of data breach following phishing attack (therecord.media)
Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)
GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Organised Crime & Criminal Actors
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)
Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)
Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra
Supply Chain and Third Parties
Third-party breaches shake the foundations of the energy sector - Help Net Security
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
60 US credit unions offline after cloud ransomware infection • The Register
Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
BlackCat threatens to directly extort vendor's customers • The Register
Cloud/SaaS
60 US credit unions offline after cloud ransomware infection • The Register
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Encryption
Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)
HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Linux and Open Source
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Passwords, Credential Stuffing & Brute Force Attacks
75% of sports-related passwords are reused across accounts | Security Magazine
New Relic admits attack on staging systems, user accounts • The Register
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
Top mobile password managers could be exposing user details | TechRadar
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor
Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)
UK government denies China/Russia nuke plant hack claim • The Register
Russia
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News
NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)
2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)
Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)
Fancy Bear goes phishing in US, European high-value networks • The Register
This huge Russian phishing campaign is hitting targets across the world | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
Iran
Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek
US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg
North Korea
Vulnerability Management
CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Key drivers of software security for financial services - Help Net Security
Vulnerabilities
Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)
Quick: Update iPhones and Macs – WebKit security hole found • The Register
VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek
Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)
Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop
Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek
Tools and Controls
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How to recover systems in the event of a cyber attack | Computer Weekly
How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)
How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget
Why you should create a physical security standard for your company (securitybrief.co.nz)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek
Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online
Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia
Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)
When Should You Replace A Cyber Security Vendor? (forbes.com)
Are companies falling behind on cyber security awareness training? | CTV News
Other News
NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review
Ofcom publishes UK age verification proposals • The Register
Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek
US aerospace companies are facing dangerous new cyber attacks | TechRadar
Report reveals sorry state of cyber security at UK football clubs | Computer Weekly
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)
Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)
The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag
Public sector has misplaced confidence in cyber security (securitybrief.co.nz)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.