Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier

Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and  underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.

Source: [Ars Technica]

Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.

Source: [Dark Reading]

23andMe Tells Victims It’s Their Fault Their Data Was Breached

A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.

Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.

Source: [TechCrunch] [The Register]

Financial Sector Faces More Cyber Attacks Than Other Sectors

A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.

Sources: [SC Media] [TechRadar ]

An Innocent-Looking Instagram Trend Could Be a Gift to Hackers

A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.

Source: [Business Insider]

Cyber Criminals Shared Millions of Stolen Records During Holiday Break

While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.

Sources: [Security Affairs] [Dark Reading]

Law Firm that Handles Data Breaches was Itself Hit by Data Breach

Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.

Source: [TechCrunch]

Nigerian Hacker Arrested for Stealing Millions from Charities

A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.

Source: [Bleeping Computer]

Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud

A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.

Source: [Security Affairs]

Shadow IT Threatens Corporate Cyber Security, Study Reveals

With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.

Source: [Security Brief]

Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge

In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.

Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.

Source: [Help Net Security]

Putin has Declared a Cyber War on Britain

This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.

Source: [Telegraph]

Governance, Risk and Compliance

• Thoughts for Boards: Key Issues in Corporate Governance for 2024 (harvard.edu)

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

• Facts and misconceptions about cyber security budgets - Help Net Security

• Budget cuts take a toll on IT decision makers' mental health - Help Net Security

• Consumers prepared to ditch brands after cyber security issues - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Firms urged to stop ransomware payments as attacks become “astronomical” (emergingrisks.co.uk)

• How ransomware could cripple countries, not just companies (economist.com)

• New Black Basta decryptor exploits ransomware flaw to recover files (bleepingcomputer.com)

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Sophos reports spike in ransomware groups using remote encryption (securitybrief.co.nz)

• Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop (securityaffairs.com)

• Police locate missing Chinese student who was victim of ‘cyber kidnapping’ (msn.com)

• Kai Zhuang: Cyber kidnapping in US illustrates growing crime trend - BBC News

• Ban on ransomware payments? The alternative isn't working • The Register

• December ransomware attacks disrupt healthcare organisations | TechTarget

• Ransomware's deadly toll: Hacking is killing patient as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Study: Ransomware Is Actually Killing One American Per Month (tech.co)

• Zeppelin ransomware source code sold for $500 on hacking forum (bleepingcomputer.com)

Ransomware Victims

• Cyber attack on Massachusetts hospital disrupted records system, emergency services (therecord.media)

• Hospitals ask courts to force cloud storage firm to return stolen data (bleepingcomputer.com)

• Ransomware's deadly toll: Hacking is killing patients as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Software Used by Hundreds of Museums Taken Down by Ransomware Attack (pcmag.com)

• CTS cyber attack: Disruption to home sales now over - BBC News

• Xerox says subsidiary XBS US breached after ransomware gang leaks data (bleepingcomputer.com)

• Cyber attackers breach trove of Victoria court recordings • The Register

• Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyber Attack (huntress.com)

• Estes refuses to pay off ransomware crew, says data stolen • The Register

Phishing & Email Based Attacks

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (thehackernews.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

Artificial Intelligence

• Cyber Criminals Implemented Artificial Intelligence (AI) for Invoice Fraud (securityaffairs.com)

• The Imperative of Cyber Security in the Era of AI (thefastmode.com)

• Finance orgs to face increasingly prevalent AI cyber attacks | SC Media (scmagazine.com)

• Enterprise cyber security in 2024: The AI play comes to the fore - Verdict

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

• NIST Identifies Types of Cyber Attacks That Manipulate Behaviour of AI Systems | NIST

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

• Use of generative AI in the legal profession accelerating despite accuracy concerns | ITPro

• A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless. - POLITICO

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• CISO Planning for 2024 May Struggle When It Comes to AI (darkreading.com)

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

• Cyber resilience in the age of AI | TechRadar

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• AI Is Driving a Silent Cyber Security Arms Race (govtech.com)

Malware

• Google accounts may be vulnerable to new hack, changing password won’t help | Cybernews

• Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (bleepingcomputer.com)

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• Microsoft disables Windows app installation, again • The Register

• CISA warns of a nasty flaw abusing Excel | TechRadar

• New Version of Meduza Stealer Released in Dark Web (securityaffairs.com)

• Weak password and infostealer blamed for Orange Spain outage • The Register

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Activity of Rugmi malware loader spikes | SC Media (scmagazine.com)

• Kronos Malware Reemerges with Increased Functionality (securityintelligence.com)

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (thehackernews.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

• Google password resets not enough to stop this malware • The Register

• 21 New Mac Malware Families Emerged in 2023 - Security Week

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• New Bandook RAT Variant Resurfaces, Targeting Windows Machines (thehackernews.com)

Mobile

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• How to prevent hackers from breaking into your Android, stealing bank info (nypost.com)

• QR code hacking: How to protect yourself from rogue QR codes (androidpolice.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

Denial of Service/DoS/DDOS

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Busting three common DDoS myths (betanews.com)

Internet of Things – IoT

• Study Finds IoT Cyber Security Risk Increased 400 Percent Last Year - RFID JOURNAL

• 4 essential smart home cameras tips to protect your sensitive data

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

Data Breaches/Leaks

• Cyber Criminals launched 'Leaksmas' event in the Dark Web exposing massive volumes of leaked PII and compromised data (securityaffairs.com)

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• Law firm that handles data breaches was hit by data breach | TechCrunch

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• Here we go again: 2023’s badly handled data breaches | TechCrunch

• Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - Security Week

• Data breach at healthcare tech firm impacts 4.5 million patients (bleepingcomputer.com)

• Highlands Oncology Group Notifies Patients of September 2023 Data Breach | Console and Associates, P.C. - JDSupra

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Accounting Firm Battling Cyber Security Lawsuit Seeks Dismissal (bloomberglaw.com)

Organised Crime & Criminal Actors

• Nigerian hacker arrested for stealing $7.5M from charities (bleepingcomputer.com)

• Hackers employ nuanced tactics to evade detection - Help Net Security

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• What’s It Like to Be the Victim of Cyber Crimes? (govtech.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Beware: Scam-as-a-Service Aiding Cyber Criminals in Crypto Wallet-Draining Attacks (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

• Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam | Tripwire

• Cyber criminals set their sights on crypto markets - Help Net Security

• Orbit Chain loses $86 million in the last fintech hack of 2023 (bleepingcomputer.com)

• Crypto-crook Sam Bankman-Fried spared a second trial • The Register

• Bitconned review — Netflix documentary about a fortune built on brazen lies

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

Insurance

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Cyber insurance should go hand in hand with cyber resilience | Insurance Business America (insurancebusinessmag.com)

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

Supply Chain and Third Parties

• Online museum collections down after cyber attack on service provider (bleepingcomputer.com)

• A new framework for third-party risk in the European Union | ITPro

Cloud/SaaS

• This company made a significant Google Drive security error that could put a million users at risk | TechRadar

• 5 Ways to Reduce SaaS Security Risks (thehackernews.com)

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

Identity and Access Management

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Encryption

• Quantum Risks and Rewards: Forward-Defending Cyber Security (govinfosecurity.com)

• Saving Schrödinger’s Cat: Getting serious about post-quantum encryption in 2024 - Breaking Defence

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

Linux and Open Source

• 2023: The Year Open Source Security Supply Chain Grew Up - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Using Stronger Passwords Among Top 2024 Digital Resolutions - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Instagram Trend Could Be a Gift to Hackers (businessinsider.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

• Cyber Attackers Target Nuclear Waste Company via LinkedIn (darkreading.com)

• Cyber Criminals Flood Dark Web with X (Twitter) Gold Accounts (darkreading.com)

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

• Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com)

Malvertising

• Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ - Security Week

• Google Just Disabled Cookies for 30 Million Chrome Users. Here’s How to Tell If You’re One of Them. (gizmodo.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

Regulations, Fines and Legislation

• New risk management framework helps with SEC mandate compliance | CSO Online

• A new framework for third-party risk in the European Union | ITPro

• Finding The Silver Lining In Cyber Regulations (forbes.com)

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

Models, Frameworks and Standards

• An Overview Of The Defence Department’s Long-awaited Proposed Regulations For Its Cyber Security Maturity Model Certification Program | Morrison & Foerster LLP - Government Contracts Insights - JDSupra

Careers, Working in Cyber and Information Security

• Cyber security skills gap poses threat to business protection measures (securitybrief.co.nz)

• Many cyber security workers feel burnt out and worry about understaffing | TechRadar

Law Enforcement Action and Take Downs

• Police investigate virtual sex assault on girl's avatar - BBC News

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• Additional cyber agents to be deployed by FBI | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

Nation State Actors

China

• CISA warns of a nasty flaw abusing Excel | TechRadar

• BT Miss Deadline to Remove All Huawei Kit from UK Core Network UPDATE - ISPreview UK

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Three Chinese balloons float near Taiwanese airbase • The Register

Russia

• Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns (darkreading.com)

• Russian hackers were inside Ukraine telecoms giant for months – cyber spy chief – Euractiv

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

• UK exposes Russia for attempted political interference (ukdefencejournal.org.uk)

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Massive missile strike disrupts Kyiv's internet and power supply (therecord.media)

• The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

Iran

• Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania (securityaffairs.com)

• Multiple organisations in Iran breached by a mysterious hacker (securityaffairs.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online (darkreading.com)

North Korea

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Analysing DPRK's SpectralBlur

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• 'Everything on the internet is monitored': Israel's cyber security head - The Week

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Field spy or electronic espionage: Lebanon’s cyber security challenge against Israeli security breach - Lebanon News (lbcgroup.tv)

Vulnerability Management

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerability management remains a moving target | SC Media (scmagazine.com)

Vulnerabilities

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• CISA warns of a nasty flaw abusing Excel | TechRadar

• Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Security Week

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• Ivanti warns critical EPM bug lets hackers hijack enrolled devices (bleepingcomputer.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover - Security Week

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• Qualcomm chip vulnerability enables remote attack by voice call | SC Media (scmagazine.com)

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

• WordPress Google Fonts Plugin Vulnerability Affects Up To +300,000 Sites (searchenginejournal.com)

• January Android Security Bulletin Arrives, So Does Pixel Update (droid-life.com)

Tools and Controls

• Why training LLMs with endpoint data will strengthen cyber security | VentureBeat

• Cyber security challenges emerge in the wake of API expansion - Help Net Security

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security Week

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Cyber resilience in the age of AI | TechRadar

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Other News

• Over 100 European Banks Face Cyber Resilience Test - Infosecurity Magazine (infosecurity-magazine.com)

• Can We Protect the Ballot Box? Global Guide to Election Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks (telegraph.co.uk)

• IT and OT cyber security: A holistic approach (securityintelligence.com)

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

• Hackers hit Australian state's court recording database | Reuters

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Firm responsible for burying the UK’s nuclear waste faces repeated cyber attacks | Engineering and Technology Magazine (theiet.org)

• Securing the Defence Industrial Base | AFCEA International

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

• One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

• Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

• Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

• Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

• Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

• 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

• What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Governance, Risk and Compliance

• Cyber Security experts have become targets for board seats (cnbc.com)

• The Impacts of Data Loss on Your Organisation -Security Affairs

• One third of security breaches go unnoticed by security professionals - Help Net Security

• Small organisations face security threats on a limited budget - Help Net Security

• How to cultivate a culture of continuous cyber Security improvement - Help Net Security

• CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

• Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of consumers prepared to ditch brands hit by ransomware - Help Net Security

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)

• Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

• Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)

• The rise in cyber extortion attacks and its impact on business security - Help Net Security

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek

• Microsoft Can Fix Ransomware Tomorrow (darkreading.com)

• Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs

• Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs

• Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity (yahoo.com)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Thirty-three US Hospitals Hit By Ransomware This Year - Infosecurity Magazine (infosecurity-magazine.com)

• How ransomware impacts the healthcare industry - Help Net Security

• Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW Vault | SC Media (scmagazine.com)

• June saw flurry of ransomware attacks on education sector | TechTarget

• Decryption tool for Akira ransomware available for free | Tripwire

• Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert

• What is WannaCry Ransomware? | Definition from TechTarget

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Ransomware Victims

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• One million NHS patients’ data compromised after cyber Attack on University of Manchester | The Independent

• Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

• Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• TSMC says IT supplier extorted by LockBit • The Register

• MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg

• UCLA among victims of worldwide cyber attack – NBC Los Angeles

• BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg

• Chipmaker TSMC says supplier targeted in cyber Attack | Reuters

• MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• Suspicious Email Reports Up a Third as NCSC Trumpets Active Defence - Infosecurity Magazine (infosecurity-magazine.com)

• Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert

• Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)

BEC – Business Email Compromise

• 6 Steps To Outsmart Business Email Compromise Scammers (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Quishing on the rise: How to prevent QR code phishing | TechTarget

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Artificial Intelligence

• AI’s rise is ‘most profound’ tech shift to impact ‘all of our lives’, Google UK chief says | The Independent

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

• Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times

• AI-generated attack vectors cyber Security should watch for (fastcompany.com)

• The EU hasn’t got its AI Act together yet - The Verge

• OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• GPT-4 is great at infuriating telemarketing scammers • The Register

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Malware

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Meduza Stealer Targets Windows Users With Advanced Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Fileless attacks increase 1,400% - Help Net Security

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (therecord.media)

• CISA: Truebot malware infecting networks in US, Canada | TechTarget

• Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)

• Android users at risk as banking trojan targets more apps | Fox News

• Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert

• We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Botnets

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

Denial of Service/DoS/DDOS

• CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics (thehackernews.com)

Data Breaches/Leaks

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• The Impacts of Data Loss on Your Organisation- Security Affairs

• Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (thehackernews.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)

• OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop

• 28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek

Organised Crime & Criminal Actors

• Exploring the Dark Web Job Market (socradar.io)

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• Hackers stole millions of dollars worth of crypto assets from Poly Network platform- Security Affairs

Insider Risk and Insider Threats

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Fraud, Scams & Financial Crime

• Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)

• Support from British businesses crucial in removing over... - NCSC.GOV.UK

• GPT-4 is great at infuriating telemarketing scammers • The Register

• Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Scammers using AI voice technology to commit crimes - Help Net Security

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

AML/CFT/Sanctions

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)

• Cyber insurance rates drop 10% in June, report says | Reuters

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Dark Web

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring the Dark Web Job Market (socradar.io)

• Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)

Supply Chain and Third Parties

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

Software Supply Chain

• A CISO's Guide to Paying Down Software Supply Chain Security Debt (darkreading.com)

Cloud/SaaS

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Japan rebukes Fujitsu for cloud security fails • The Register

• Cloud security: Sometimes the risks may outweigh the rewards – Cyber Reports Cyber Security News & Information (cyber-reports.com)

• 53% of SaaS licenses remain unused - Help Net Security

• IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Attack Surface Management

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

Encryption

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Exploring the Dark Web Job Market (socradar.io)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• Security Experts Raise Major Concerns With Online Safety Bill - Infosecurity Magazine (infosecurity-magazine.com)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

API

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Mission Linux: How the open source software is now a lucrative target for hackers | CSO Online

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch

• Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)

Social Media

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Malvertising

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

Regulations, Fines and Legislation

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• European companies slam the EU’s incoming AI regulations in open letter - The Verge

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

Models, Frameworks and Standards

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Careers, Working in Cyber and Information Security

• Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru

• 3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)

• Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)

• CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru

• Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)

• ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security

Law Enforcement Action and Take Downs

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Privacy, Surveillance and Mass Monitoring

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• TSA hopes to expand facial recognition over next ten years • The Register

• NJ cops must get wiretap order for real-time Facebook snoop • The Register

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Switzerland’s Security Report: Impact of Russia–Ukraine Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite system used by Russian military is hacked - The Washington Post

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)

China

• US authorities warn on China’s new counter-espionage la' • The Register

• Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

• Chinese threat actor attacks diplomats across Europe • The Register

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

Iran

• Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks | SC Media (scmagazine.com)

North Korea

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• North Korean satellite had no military utility for spying • The Register

Misc/Other/Unknown

• Advanced Persistent Threats: A Wake-Up Call for Cyber Security (ts2.space)

Vulnerability Management

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

Vulnerabilities

• CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild | SC Media (scmagazine.com)

• 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)

• Microsoft puts out Outlook fire, downplays Teams flaw • The Register

• Critical Flaw Exposes ArcServe Backup to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek

• Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)

• StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)

• Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic- Security Affairs

Tools and Controls

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Small organisations face security threats on a limited budget - Help Net Security

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• Mitigating Risk With Threat Intelligence (darkreading.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Reports Published in the Last Week

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com)

Other News

• Foreign spies hacked government 20 years ago (thetimes.co.uk)

• GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru

• Hacks targeting British exam boards raise fears of students cheating (therecord.media)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• Is your browser betraying you? Emerging threats in 2023 - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

• The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

• Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

• Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

• Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

• 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

• Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

• Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

• Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

• City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

• City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)

• New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)

• City of London on High Alert After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Copycat Criminals mimicking Lockbit gang in northern Europe security affairs

• Ransom-what? Learning from Hacked Hackers (secureworld.io)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• Council leader 'put her foot down' and refused to pay multi-million pound ransom demand from hackers - Teesside Live (gazettelive.co.uk)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)

• Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)

• Schools don't pay, but ransomware attacks still increasing | TechTarget

• Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

• Nevada Ransomware Has Released Upgraded Locker security affairs

• LockBit Green ransomware variant borrows code from Conti one security affairs

• Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)

• Ransomware attacks on public sector persist in January | TechTarget

• Ransomware attack on data firm ION could take days to fix -sources | Reuters

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Phishing & Email Based Attacks

• Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• Long Con Impersonates Financial Advisers to Target Victims (darkreading.com)

2FA/MFA

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malware

• How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)

• Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

• PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)

• Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (thehackernews.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

• Malvertising attacks are distributing .NET malware loaders • The Register

• Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)

Mobile

• Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)

• Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

Botnets

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

Denial of Service/DoS/DDOS

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)

Internet of Things – IoT

• IoT, connected devices biggest contributors to expanding application attack surface | CSO Online

• European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• Anker finally comes clean about its Eufy security cameras - The Verge

Data Breaches/Leaks

• JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)

• If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley

Organised Crime & Criminal Actors

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Cyber Insights 2023: Criminal Gangs - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

Insider Risk and Insider Threats

• Insider attacks becoming more frequent, more difficult to detect - Help Net Security

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber security Breach Will Come from the Inside (darkreading.com)

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

• The next cyber threat may come from within - Help Net Security

• Insider threats: The cyber risks lurking in the dark (betanews.com)

• Executives Worry Equally About Insider Cyber Errors, Outsider Threats: How MSSPs Can Help - MSSP Alert

• Former Ubiquiti dev pleads guilty to data theft, extortion • The Register

Fraud, Scams & Financial Crime

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire

• Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)

Impersonation Attacks

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

• Why CISOs Should Care About Brand Impersonation Scam Sites (darkreading.com)

AML/CFT/Sanctions

• As the anti-money laundering perimeter expands, who needs to be compliant, and how? - Help Net Security

Insurance

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

Supply Chain and Third Parties

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek

• Almost all Organisations are Working with Recently Breached Vendors - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of organisations have indirect relationships with 200+ breached fourth-party vendors - Help Net Security

• Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online

• CISA to Open Supply Chain Risk Management Office (darkreading.com)

• Cyber Insights 2023 | Supply Chain Security - SecurityWeek

Cloud/SaaS

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online

• Hybrid cloud storage security challenges - Help Net Security

• Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Containers

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)

• Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek

API

• The emergence of trinity attacks on APIs - Help Net Security

• API management (APIM): What It Is and Where It’s Going security affairs

Open Source

• Microsoft upgrades Defender to lock down Linux devices • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News

• KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)

Social Media

• Inside TikTok’s proposal to address US national security concerns | CyberScoop

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malvertising

• Malvertising attacks are distributing .NET malware loaders • The Register

Training, Education and Awareness

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

Regulations, Fines and Legislation

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online

Governance, Risk and Compliance

• Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• 70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security

• Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• You Don't Know Where Your Secrets Are (thehackernews.com)

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• The corporate world is losing its grip on cyber risk | Financial Times (ft.com)

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• Thriving Dark Web Trade in Fake Security Certifications - Infosecurity Magazine (infosecurity-magazine.com)

• The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek

• Economic headwinds could deepen the cyber security skills shortage | CSO Online

Law Enforcement Action and Take Downs

• 7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Hacker accused of having stolen personal data of all Austrians security affairs

• Alleged ShinyHunters gang member in US court • The Register

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

Privacy, Surveillance and Mass Monitoring

• On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)

• Hacker accused of having stolen personal data of all Austrians security affairs

• Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)

Artificial Intelligence

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• OpenAI releases tool to detect AI-written text (bleepingcomputer.com)

• Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop

• Cyber Insights 2023: Artificial Intelligence - SecurityWeek

Misinformation, Disinformation and Propaganda

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

• Cyber Insights 2023: The Geopolitical Effect - SecurityWeek

Nation State Actors

Nation State Actors – Russia

• Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)

• Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

Nation State Actors – China

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

• TikTok CEO to testify before US. Congress over security concerns | Reuters

Nation State Actors – North Korea

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

Nation State Actors – Iran

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

Nation State Actors – Misc

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• New APT34 Malware Targets The Middle East (trendmicro.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Vulnerability Management

• The future of vulnerability management and patch compliance - Help Net Security

• What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)

Vulnerabilities

• Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)

• Patch management is crucial to protect Exchange servers, Microsoft warns security affairs

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)

• Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)

• Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)

• Why you might not be done with your January Microsoft security patches | CSO Online

• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig (portswigger.net)

• HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)

• High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs

• Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)

• Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (thehackernews.com)

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)

• Threat activity increasing around Fortinet VPN vulnerability | TechTarget

• Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online

Tools and Controls

• Gartner report shows zero trust isn’t a silver bullet | VentureBeat

Other News

• We can't rely on goodwill to protect our critical infrastructure - Help Net Security

• Playing Military Sim War Thunder May Get You Classed as a National Security Risk

• Cyber attacks in space: How safe are our satellites? | Metro News

• Threat Actors Use ClickFunnels to Bypass Security Services - Infosecurity Magazine (infosecurity-magazine.com)

• Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hackers Hit One Third of Organisations Worldwide Multiple Times

Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.

The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.

Overall, respondents rated the following as the top cyber threats in 1H 2022:

• Business Email Compromise (BEC)

• Clickjacking

• Fileless attacks

• Ransomware

• Login attacks (Credential Theft)

Here are some key findings from the study:

• The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

• This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.

• The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.

• The number now expected to be compromised over the coming year has also increased from 76% to 85%.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0

By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.

You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.

https://www.msspalert.com/cybersecurity-research/hackers-hit-one-third-of-organizations-worldwide-multiple-times/

• Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks

Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.

Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.

According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.

The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.

These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.

Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.

Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.

The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.

In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.

Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.

https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/

• 90% of Organisations have Microsoft 365 Security Gaps

A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?

Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:

• 90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins

• 87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)

• Only 17% of companies had strong password requirements that were being consistently followed.

Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.

In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:

• The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.

• 17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.

Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.

https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

• Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.

The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.

“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.

“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.

As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.

The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.

https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/

• The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.

In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.

A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.

Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”

Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).

Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.

For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.

https://informationsecuritybuzz.com/the-real-cost-of-cyber-attacks-what-organizations-should-be-prepared-for-2/

• 34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.

"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.

Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.

Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.

https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

• “Password” Continues to Be the Most Common Password in 2022

You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.

But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.

As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.

“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.

“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”

Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.

“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.

The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).

https://news.softpedia.com/news/password-continues-to-be-the-most-common-password-in-2022-as-well-536503.shtml

• Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.

https://9to5mac.com/2022/11/25/massive-twitter-data-breach/

• European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked

On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.

As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.

In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.

Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.

https://www.europarl.europa.eu/news/en/press-room/20221118IPR55707/european-parliament-declares-russia-to-be-a-state-sponsor-of-terrorism

https://informationsecuritybuzz.com/comment-european-parliament-hit-by-cyberattack-after-vote-on-russia/

• The Changing Nature of Nation-State Cyber Warfare

Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.

The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.

Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.

The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.

https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/

• Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question

Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.

Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.

With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.

But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.

Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.  While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.

https://informationsecuritybuzz.com/is-your-company-covered-for-a-cybersecurity-attack-thats-the-2-million-question/

Threats

Ransomware and Extortion

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank hackers release 1,500 more patient records on dark web, including mental health data | Medibank | The Guardian

• Fake subscription invoices lead to corporate data theft and extortion - Help Net Security

• Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network • Graham Cluley

• Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)

• New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)

• Donut extortion group also targets victims with ransomware (bleepingcomputer.com)

• Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)

• Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)

• An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs

• Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• Cybereason warns of fast-moving Black Basta campaign (techtarget.com)

• Spate Of Ransomware Targeting Healthcare Cost $92 Billion In Downtime Since 2018, Experts Weigh In - Information Security Buzz

• RansomExx Upgrades to Rust (securityintelligence.com)

• Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)

• Montreal-area city hit by ransomware: Report | IT World Canada News

Phishing & Email Based Attacks

• Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)

• World Cup phishing emails spike in Middle Eastern countries • The Register

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• SocGholish finds success through novel email techniques | SC Media (scmagazine.com)

BEC – Business Email Compromise

• Ten Charged in $11m Healthcare BEC Plots - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online

• A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot

• Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs

• All You Need to Know About Emotet in 2022 (thehackernews.com)

• New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

• Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)

• This new malware is able to bypass all of Microsoft's security warnings | TechRadar

• Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)

Mobile

• 'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)

• Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)

• Your iPhone may be collecting more personal data than you think | Digital Trends

• This Android File Manager App Infected Thousands of Devices with SharkBot Malware (thehackernews.com)

• Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity

• WhatsApp data leak: 500 million user records for sale | Cybernews

Internet of Things – IoT

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Data Breaches/Leaks

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• WhatsApp data leak: 500 million user records for sale - Security Affairs

• California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com

• Personal data of AirAsia Malaysia, Indonesia and Thailand passengers allegedly leaked due to ransomware - SoyaCincau

Organised Crime & Criminal Actors

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)

• DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News

• Hackers are locking out Mars Stealer operators from their own servers | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)

• Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Crypto exchanges’ bundling of services threatens stability, says Bank of England official | Financial Times (ft.com)

• Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)

Fraud, Scams & Financial Crime

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Beware - Black Friday online shopping scams are here now | TechRadar

• Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online

• Pig butchering domains seized and slaughtered by the Feds • The Register

• Experts Warn Remote Workers of Black Friday Security Threats - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• What cyber insurance really covers - Help Net Security

Software Supply Chain

• CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers - Infosecurity Magazine (infosecurity-magazine.com) 

Denial of Service DoS/DDoS

• Out of the blue: Surviving an 18-hour, 39M-request DDoS attack - Help Net Security

Cloud/SaaS

• The impact of inadequate SaaS management - Help Net Security

Hybrid/Remote Working

• How remote working impacts security incident reporting | CSO Online

Identity and Access Management

• Access Rights – Bridging the Gap Between Current and Desired States - Information Security Buzz

Encryption

• Mathematical theorem used to crack US government encryption algorithm (phys.org)

API

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• The API Timebomb - Information Security Buzz

• What are different types of APIs? - IT Security Guru

• Three security design principles for public REST APIs - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• Guess the most common password. Hint: We just told you • The Register

• World Cup Players Among Most Breached Passwords - IT Security Guru

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)

Social Media

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)

• Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)

• Musk to abused Twitter users: Your tormentors will return • The Register

• Facebook sued for collecting personal data to sell adverts | News | The Times

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

Cyber Bullying, Cyber Stalking and Sextortion

• Musk to abused Twitter users: Your tormentors will return • The Register

Regulations, Fines and Legislation

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• UK’s Privacy Tsar Defends Controversial Enforcement Strategy - Infosecurity Magazine (infosecurity-magazine.com)

• How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop

Law Enforcement Action and Take Downs

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• Interpol Seized $130 Million from Cyber criminals in Global "HAECHI-III" Crackdown Operation (thehackernews.com)

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• iPhones are not as privacy-focused as Apple claims, researchers point out - India Today

• Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica

Misinformation, Disinformation and Propaganda

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine shows how space is now central to warfare | Financial Times (ft.com)

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• EU Parliament Putin things back together after cyber attack • The Register

• Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post

• Scotland's broadband builder linked to Israeli spyware | HeraldScotland

• Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)

Nation State Actors