Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape

The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.

The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.

Sources: [ITPro] [The Debrief]

Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge

The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.

However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.

Sources: [ITPro] [Law Society] [Security Brief] [Financial Times]  [Infosecurity Magazine]

Researcher Uncovers One of The Biggest Password Dumps in Recent History

Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.

Source: [Ars Technica]

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.

Source: [Infosecurity Magazine]

75% of Organisations Hit by Ransomware in 2023

A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.

Source: [Infosecurity Magazine]

The Dangers of Quadruple Blow Ransomware Attacks

With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.

This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.

Source: [TechRadar]

Human Error and Insiders Expose Millions in UK Law Firm Data Breaches

UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.

Source: [Infosecurity Magazine]

It’s a New Year and a Good Time for a Cyber Security Checkup

2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.

Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.

Source: [JDSupra]

Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster

Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.

In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.

Source: [The Hacker News]

Cyber Threats Top Global Business Risk Concern for 2024

Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.

Source: [Insurance Journal]

Generative AI has CEOs Worried About Cyber Security, PwC Survey Says

A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company.  When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.

Source: [Quartz]

With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too

As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.

Source: [Dark Reading]

Digital Resilience: a Step Up from Cyber Security

In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [CSO Online] [Financial Times]

Governance, Risk and Compliance

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• JPMorgan suffers 45bn cyber attacks a day (ft.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• How to Recover After Failing a Cyber Security Audit - Security Boulevard

• Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

• Security considerations during layoffs: Advice from an MSSP - Help Net Security

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• How to improve cyber resilience across your workforce (ft.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• UK finance firms faced a torrent of ransomware attacks in 2023 as threat actors ramped up activities | ITPro

• Veeam Data Protection Trends Report 2024 Finds Cyber Attacks the #1 Cause of Business Outages | Business Wire

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)

• The Top 10 Ransomware Groups of 2023 - Security Boulevard

• 3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)

• Ransomware causes mental, physical trauma to security pros • The Register

• The dangers of quadruple blow ransomware attacks | TechRadar

• Ransomware: how financial institutions can prepare to react quickly through regulatory compliance (finextra.com)

• Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security

• Outsmarting Ransomware’s New Playbook - SecurityWeek

• TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)

• Ransomware negotiation: When cyber security meets crisis management - Help Net Security

Ransomware Victims

• Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• British Library to share learning from cyber attack - Museums Association

• British Library starts restoring services online after hack - BBC News

• British cosmetics firm Lush confirms cyber attack (therecord.media)

• Delay to Manx Care dental services after cyber attack - BBC News

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)

• A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar

• Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard

Artificial Intelligence

• AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)

• Adversaries exploit trends, target popular GenAI apps - Help Net Security

• The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)

• The power of AI in cyber security - Help Net Security

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• AI Could Make Cyber Threats Harder to Detect (newswise.com)

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

2FA/MFA

• Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

Malware

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)

• Data-theft malware exploits Windows Defender SmartScreen • The Register

• Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk | TechRadar

• MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)

• Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar

• JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard

• $80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Mobile

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic | Tom's Hardware (tomshardware.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Modernising print security for today’s working world | TechRadar

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Data Breaches/Leaks

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Insufficient cyber security caused PSNI data breach  (iapp.org)

• Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

Organised Crime & Criminal Actors

• Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard

• Illegal online casinos spread crypto-crime across Asia • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Illegal online casinos spread crypto-crime across Asia • The Register

Insider Risk and Insider Threats

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing insider access from leaking to malicious actors - Help Net Security

Insurance

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)

• Fighting ransomware: A guide to getting the right cyber security insurance | SC Media (scmagazine.com)

Supply Chain and Third Parties

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

Cloud/SaaS

• Insurance website's buggy API leaked Office 365 password • The Register

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• 3 ways to combat rising OAuth SaaS attacks - Help Net Security

• FBI: Beware of cloud-credential thieves building botnets • The Register

• Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)

Identity and Access Management

• Digital nomads amplify identity fraud risks - Help Net Security

Encryption

• New Report Charts Roadmap To A Quantum-Secure Financial System – Eurasia Review

Passwords, Credential Stuffing & Brute Force Attacks

• Researcher uncovers one of the biggest password dumps in recent history | Ars Technica

• GitHub scrambles to rotate keys after credentials in production containers were potentially exposed | ITPro

• Insurance website's buggy API leaked Office 365 password • The Register

• FBI: Beware of cloud-credential thieves building botnets • The Register

Social Media

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Latest Adblock update causes massive YouTube performance hit (bleepingcomputer.com)

Training, Education and Awareness

• The right strategy for effective cyber security awareness - Help Net Security

• Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard

• How to improve cyber resilience across your workforce (ft.com)

Regulations, Fines and Legislation

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• IT consultant in Germany fined for exposing shoddy security • The Register

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

• Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard

• Home improvement marketers dial up trouble from regulator • The Register

Models, Frameworks and Standards

• 10 cyber security frameworks you need to know about - Help Net Security

• NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST

Backup and Recovery

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

Data Protection

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

Careers, Working in Cyber and Information Security

• Ransomware causes mental, physical trauma to security pros • The Register

• Protecting the protectors: combating stress in the cyber security industry | The Independent

• Best practices to mitigate alert fatigue - Help Net Security

• Universities not delivering the right skills for cyber security (betanews.com)

Law Enforcement Action and Take Downs

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

Misinformation, Disinformation and Propaganda

• Staying cyber secure in the age of misdirection | The Independent

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Election Security 2024: Biggest Cyber Threats and Practical Solutions - Infosecurity Magazine (infosecurity-magazine.com)

• OODA Loop - Elections Are Coming: Time to Sound Misinformation’s Clarion Call… Again

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• Cyberwar continues to underperform (reason.com)

Nation State Actors

China

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)

• China warns of AirDrop de-anonymisation flaw • The Register

Russia

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)

• Russia finds way around sanctions on battlefield tech: report – POLITICO

• Moscow imports a third of battlefield tech from western companies (ft.com)

• Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

Iran

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Threat-hunter says Iran is stepping up the sophistication of its cyber attacks (therecord.media)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why we must bring order to cyber vulnerability chaos | TechRadar

Vulnerabilities

• CISA: Critical SharePoint vuln is under active exploitation • The Register

• Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)

• Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability  - SecurityWeek

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)

• Two more Citrix NetScaler bugs exploited in the wild • The Register

• Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)

• Millions of GPUs from Apple, AMD and Qualcomm have a serious security flaw — and it could put literally all your data at risk if it isn't fixed | TechRadar

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Apple Magic Keyboards are at risk from security attacks – update now to protect your Mac or iPad | TechRadar

• Windows 10 security update requires some major changes - experts only need apply | TechRadar

• GitLab Patches Critical Password Reset Vulnerability - SecurityWeek

• Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek

• Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)

• New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica

• China warns of AirDrop de-anonymisation flaw • The Register

• Drupal Releases Security Advisory for Drupal Core | CISA

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)

Tools and Controls

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Key elements for a successful cyber risk management strategy - Help Net Security

• Preventing insider access from leaking to malicious actors - Help Net Security

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• Best practices to mitigate alert fatigue - Help Net Security

• Modernising print security for today’s working world | TechRadar

• APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 | Business Wire

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Digital nomads amplify identity fraud risks - Help Net Security

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• The right strategy for effective cyber security awareness - Help Net Security

• SOC-as-a-Service: The Five Must-Have Features - Security Boulevard

Other News

• Post Office scandal latest: MPs 'shocked' by evidence from Fujitsu and Post Office boss - as victims Alan Bates and Jo Hamilton say they were 'gaslit' | UK News | Sky News

• Post Office syndrome: why we’re more vulnerable than ever to Horizon-like computer systems | The Independent

• What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)

• How news organisations became a prime target for cyber attacks (pressgazette.co.uk)

• UK doubles spending on overseas cyber security projects (ft.com)

• Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)

• NCSC Builds New “Cyber League” Threat Tracking Community - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

• Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

• SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

• IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

• Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

• Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

• Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

• Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

• Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

• Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool

Governance, Risk and Compliance

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)

• Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times

• Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)

• Cyber Defence: Council conclusions stress the importance of further strengthening the EU resilience to face cyber threats - Consilium (europa.eu)

• 5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)

• Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)

• Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek

• The biggest threats are always those we fail to predict - Big Think

• How continuous security monitoring is changing the compliance game - Help Net Security

• Forrester predicts 2023's top cyber security threats: From generative AI to geopolitical tensions | VentureBeat

• 50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy - Infosecurity Magazine (infosecurity-magazine.com)

• Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)

Threats

Ransomware, Extortion and Destructive Attacks

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Backup Repositories Targeted in 93% of Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar

• Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)

• FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs

• Fortinet survey finds 78% of organisations felt prepared for ransomware attacks, yet half still fell victim | ITWeb

• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)

• Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims

• Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget

• The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)

• US saw 45% fewer ransomware victims posted on the dark web | Security Magazine

• BlackCat ransomware takes control of protected computers via new kernel driver | SC Media (scmagazine.com)

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)

• Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)

Ransomware Victims

• Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek

• Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million - Security Affairs

• Iowa hospital discloses breach following Royal ransomware leak | TechTarget

• Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)

• Mazars Group allegedly breached by BlackCat | Cybernews

• Dish Network says February ransomware attack impacted +300K - Security Affairs

• Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register

• Dorchester school IT system held to ransom in cyber attack - BBC News

• BlackByte lists city of Augusta after cyber 'incident' • The Register

Phishing & Email Based Attacks

• Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)

• Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• Threat actors exploit new channels for advanced phishing attacks - Help Net Security

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Phishing campaign targets ChatGPT users - Help Net Security

BEC – Business Email Compromise

• Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog

• Microsoft reports jump in business email compromise activity | CSO Online

• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool (darkreading.com)

Artificial Intelligence

• Employees are banned from using ChatGPT at these companies | Fortune

• When the tech boys start asking for new regulations, you know something’s up | John Naughton | The Guardian

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• 6 ChatGPT risks for legal and compliance leaders - Help Net Security

• 5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

• How to avoid shadow AI in your SOC - Help Net Security

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets ChatGPT users - Help Net Security

• The Security Hole at the Heart of ChatGPT and Bing | WIRED UK

2FA/MFA

• Cyber criminals masquerading as MFA vendors - Help Net Security

Malware

• New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)

• Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)

• Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)

• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)

• Threat actors leverage kernel drivers in new attacks | TechTarget

• BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)

• AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

• New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

• Google Unveils Bug Bounty Program For Android Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Botnets

• How smart bots are infecting and exploiting the internet - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Denial of Service/DoS/DDOS

• Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry (thehackernews.com)

Internet of Things – IoT

• Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

• How Connected Car Cyber Risk will Evolve (trendmicro.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

Data Breaches/Leaks

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)

• Hackers steal the SSN of nearly 6 million people (pandasecurity.com)

• Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek

Organised Crime & Criminal Actors

• Inside the Mind of a Cyber Attacker | Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know

• IT employee piggybacked on cyber attack for personal gain - Help Net Security

• Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• Cyber criminals masquerading as MFA vendors - Help Net Security

• The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)

Insider Risk and Insider Threats

• How to prevent against the 5 main types of insider threats - IT Security Guru

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)

• Uncle Sam tries to wrangle 'money mules' • The Register

• Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Ads for lucrative jobs in Asia may be tech slavery scams • The Register

• Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

• Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)

• IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)

• Banking, tech and telecoms groups combine to gather intelligence on scammers | Financial Times (ft.com)

Supply Chain and Third Parties

• Capita under fire after ‘confidential’ files published online (thetimes.co.uk)

• SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC

Software Supply Chain

• GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)

Cloud/SaaS

• Phishers use encrypted file attachments to steal Microsoft 365 account credentials - Help Net Security

• UK councils caught in Capita unsecured AWS bucket data leak • The Register

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)

Attack Surface Management

• The Need to Isolate Branch Offices in High-Risk Countries (darkreading.com)

Identity and Access Management

• 7 access management challenges during M&A - Help Net Security

• Think security first when switching from traditional Active Directory to Azure AD | CSO Online

Encryption

• Quantum attack would trigger Great Depression, think tank warns | SC Media (scmagazine.com)

API

• API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• What is API Security? | Definition from TechTarget

• The fragmented nature of API security ownership - Help Net Security

Open Source

• PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inactive accounts pose significant account takeover security risks | CSO Online

• What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)

• Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)

Biometrics

• Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Social Media

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

Training, Education and Awareness

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Realistic simulations are transforming cyber security training - Help Net Security

Travel

• Online scams target bargain-hunting holiday travelers - Help Net Security

• Four ways your devices can be hacked in hotels and how to stay safe | This is Money

• Tips to Protect Against Holiday and Airline Scams - IT Security Guru

Parental Controls and Child Safety

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Regulations, Fines and Legislation

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop

Models, Frameworks and Standards

• NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)

• New security model launched to eliminate 95% of cyber breaches - IT Security Guru

Backup and Recovery

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

Data Protection

• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)

• Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How to become a bug bounty hunter: Getting started | TechTarget

Law Enforcement Action and Take Downs

• UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)

• 79-year-old woman tricks German scammers into getting arrested (iamexpat.de)

Privacy, Surveillance and Mass Monitoring

• Smartphones with Qualcomm chips found to be transmitting users' private data without consent - Dimsum Daily

• WhatsApp now lets you hide your messages from prying eyes. But is Chat Lock a cheaters’ charter? | Technology | The Guardian

• UK police to 'embed' facial recog but oversight is at risk • The Register

• Abuse of government spying powers: What's to worry about? • The Register

• Reflections on Ten Years Past The Snowden Revelations (ietf.org)

Misinformation, Disinformation and Propaganda

• Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Opinion: Cyber war and (no) peace (insuranceinsider.com)

• Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)

• Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• What’s Russia Planning? (informationsecuritybuzz.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• What’s Russia Planning? (informationsecuritybuzz.com)

• United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian

• Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)

Nation State Actors

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)

• SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online

• NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED

• A TikTok ban isn't a data security solution. It will be difficult to enforce – and could end up hurting users (theconversation.com)

• Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica

• GoldenJackal: Threat Risk For Organisations In Middle East & South Asia (informationsecuritybuzz.com)

• North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)

• N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (thehackernews.com)

• Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms - Infosecurity Magazine (infosecurity-magazine.com)

• A deeper insight into the CloudWizard APT's activity revealed a long-running activity - Security Affairs

• Five Eyes and Microsoft accuse China US infrastructure raids • The Register

• Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)

• Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop

• GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian

• New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security

• Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)

• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)

Vulnerability Management

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Fresh perspectives needed to manage growing vulnerabilities - Help Net Security

• Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert

• How to check for new exploits in real time? VulnCheck has an answer | CSO Online

Vulnerabilities

• 12 vulnerabilities newly associated with ransomware - Help Net Security

• Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites (searchenginejournal.com)

• Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)

• Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)

• Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)

• Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)

• GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)

• 83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)

• CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs

• Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security

• Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)

• Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App - IT Security Guru

Tools and Controls

• Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek

• Malicious links and misaddressed emails slip past security controls - Help Net Security

• Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• CMOs & CISOs: Uniting for Stronger Brands (cmswire.com)

• Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)

• Realistic Cyber security Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds - MSSP Alert

• A New Look for Risk in Awareness Training (darkreading.com)

• Almost all ransomware attacks target backups, says Veeam | Computer Weekly

• How continuous security monitoring is changing the compliance game - Help Net Security

• Blacklist untrustworthy apps that peek behind your firewall - Help Net Security

• How generative AI is reshaping the identity verification landscape - Help Net Security

• What is API Security? | Definition from TechTarget

• Are Your APIs Leaking Sensitive Data? (thehackernews.com)

• The fragmented nature of API security ownership - Help Net Security

• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)

• Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek

• CISO-level tips for securing corporate data in the cloud - Help Net Security

• 6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online

• 'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)

• China hits back after Microsoft says state-sponsored group hacked critical US infrastructure | Financial Times

• Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar

• Attributes of a mature cyber-threat intelligence program | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.