Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.

It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.

“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”

https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/

• Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.

Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.

Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.

Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-resilience-emerges-as-top-priority-as-62-of-companies-say-security-incidents-impacted-business-operations

• Cyber Security Should Focus on Managing Risk

Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.

There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.

Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.

Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.

In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.

https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk

• Fear of Cyber Attacks Drives SMBs to Spend More on Software

Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.

Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:

• Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases

• Implementation concerns are SMBs’ biggest purchase barrier

• Most SMB software purchases are solely handled by IT, disregarding other important stakeholders

• Customer reviews sway purchase decisions, and verified reviews are critical

Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.

https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

• Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.

“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).

BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.

Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.

Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.

https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/

• Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.

In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.

The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.

Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.

The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.

“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.

https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold

• Automated Dark Web Markets Sell Corporate Email Accounts For $2

Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.

Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.

Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.

Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.

https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

• Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.

"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

• Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)

• Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

• Security Concerns Scupper Deals for Two-Thirds of Firms

Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.

The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.

Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.

There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.

Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.

https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/

• Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.

"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."

In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.

The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."

https://www.pcgamer.com/microsoft-encourages-strong-cyber-hygiene-in-light-of-increasing-russian-cyberattacks/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace customers rage following ransomware attack, as class-action lawsuits filed (bitdefender.com)

• Ransomware Professionalization Grows as RaaS Takes Hold (darkreading.com)

• Rackspace Admits Security Incident, Helps Customers Migrate to Microsoft 365 Accounts - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank share price slumps ahead of major shutdown and cyber security overhaul (fool.com.au)

• Rackspace confirms ransomware behind days-long email outage • The Register

• Vice Society: Profiling a Persistent Threat to the Education Sector (paloaltonetworks.com)

• Wiper, Disguised as Fake Ransomware, Targets Russian Orgs (darkreading.com)

• Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica

• Rackspace rocked by ‘security incident’ in hosted Exchange • The Register

• Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (thehackernews.com)

• Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)

• New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security

• South Pacific vacations may be wrecked by ransomware • The Register

• Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks - IT Security Guru

• Intersport Data Posted On Hive Dark Web Blog - Information Security Buzz

• NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (thehackernews.com)

• Education sector hit by Hive ransomware in November | TechTarget

• Ransomware attack forces French hospital to transfer patients (bleepingcomputer.com)

• CommonSpirit Health ransomware attack exposed data of 623,000 patients (bleepingcomputer.com)

• Ransomware Gang Steals Employee and Customer Data From LJ Hooker (vice.com)

Phishing & Email Based Attacks

• Rackspace warns of phishing risks following ransomware attack (bleepingcomputer.com)

• Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)

• Phishing scammers impersonate WhatsApp by buying a top ad spot on Google | PC Gamer

• Man who lost $149k after clicking on phishing e-mail among at least 10 victims in Case cyber attack | The Straits Times

• How to Recognize Phishing Emails: Cyber security Experts Give Advice - WSJ

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Christmas Warning: Threat Actors Impersonate your Favourite Brands to Attack, Finds CSC - Infosecurity Magazine (infosecurity-magazine.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Hardening Identities With Phish-Resistant MFA (darkreading.com)

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

Malware

• Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant (thehackernews.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Malware Authors Inadvertently Take Down Own Botnet (darkreading.com)

• New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (thehackernews.com)

• Truebot Malware Activity Increases With Possible Evil Corp Connections - Infosecurity Magazine (infosecurity-magazine.com)

• Newly Discovered Trojan Steals 300,000 Facebook Users Details In 4 Year-Long Campaign - Information Security Buzz

• Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines (darkreading.com)

Mobile

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

• 'Scattered Spider' Cyber crime Group Targets Mobile Carriers via Telecom, BPO Firms | SecurityWeek.Com

• Code of practice for app store operators and app developers - GOV.UK (www.gov.uk)

• Android malware apps with 2 million installs spotted on Google Play (bleepingcomputer.com)

• Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian

• Android malware infected 300,000 devices to steal Facebook accounts (bleepingcomputer.com)

• Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps (thehackernews.com)

• Android December 2022 security updates fix 81 vulnerabilities (bleepingcomputer.com)

• Telcom and BPO Companies Under Attack by SIM Swapping Hackers (thehackernews.com)

• Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (thehackernews.com)

• Eight Questions to Ask Your Aging Parents (and Yourself) to Keep Their Phones Safe From Hackers - WSJ

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Compromised Android keys used to sign info-stealing malware • The Register

• Largest mobile malware marketplace identified by Resecurity in the Dark Web - Security Affairs

Internet of Things – IoT

• How IoT is changing the threat landscape for businesses - Help Net Security

• What's the Matter with digital trust in smart home devices? - Help Net Security

• Security Risks Found in Millions of XIoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com

• Eufy responds to camera security concerns | ZDNET

Data Breaches/Leaks

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

• Personal data of 10,000 Australians found for sale online | 7NEWS

• Stolen data of 600,000 Indians sold on bot markets so far - study | Reuters

Organised Crime & Criminal Actors

• Of Exploits and Experts: The Professionalization of Cyber Crime (darkreading.com)

• Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security

• Automated dark web markets sell corporate email accounts for $2 (bleepingcomputer.com)

• DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (bleepingcomputer.com)

• BlackProxies proxy service increasingly popular among hackers (bleepingcomputer.com)

• Gen Z Internet Users "Normalize" Cyber crime - Report - Infosecurity Magazine (infosecurity-magazine.com)

• Chart: Cyber crime Expected To Skyrocket in Coming Years | Statista

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bitcoin ‘rarely’ used for legal transactions, on ‘road to irrelevance’, say European Central Bank officials | TechCrunch

• North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (thehackernews.com)

• Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: Hackers target cryptocurrency firms over Telegram (bleepingcomputer.com)

• UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)

• North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

Insider Risk and Insider Threats

• Insights into insider threats: Detecting and monitoring abnormal user activity - Help Net Security

Fraud, Scams & Financial Crime

• Even cyber criminals fall for online scams: $2.5m last year • The Register

• Why are Monzo, Revolut and Starling becoming scam targets? — Startup Europe, The Sifted Podcast | Sifted

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

• Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)

• Cyber criminals are scamming each other, tipping off law enforcement - Help Net Security

• Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Thanks to AI, it’s probably time to take your photos off the Internet | Ars Technica

AML/CFT/Sanctions

• Santander UK fined £108m over anti-money laundering failings | Banco Santander | The Guardian

Insurance

• What you should know when considering cyber insurance in 2023 | CSO Online

• Cyber Insurance Policy Underwriting Explained (trendmicro.com)

Dark Web

• Dark web recruiting techniques: Malware, phishing, and carding - Help Net Security

Supply Chain and Third Parties

• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (thehackernews.com)

• Antwerp's city services down after hackers attack digital partner (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Transport And Shipping Beware – Supply Chains Under Attack - Information Security Buzz

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

Software Supply Chain

• How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)

Denial of Service DoS/DDoS

• 3 Types Of DDoS Attack Types You Should Care About - Information Security Buzz

• Microsoft warning after DDoS attack disrupts Russian bank • The Register

Cloud/SaaS

• Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)

• How to get cloud migration right - Help Net Security

• 3 Ways Attackers Bypass Cloud Security (darkreading.com)

• How to implement least privilege access in the cloud | TechTarget

Hybrid/Remote Working

• Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)

Encryption

• WhatsApp raises threat of UK shutdown in encryption row (telegraph.co.uk)

• Governments want to avert quantum's encryption apocalypse (axios.com)

API

• 68% of IT leaders are worried about API sprawl - Help Net Security

Open Source

• Ping of death! FreeBSD fixes crashtastic bug in network tool – Naked Security (sophos.com)

• Research reveals where 95% of open source vulnerabilities lie - Help Net Security

• Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)

• Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Password Reset Calls Are Costing Your Org Big Money (bleepingcomputer.com)

Social Media

• Taiwan bans state-owned devices from running TikTok • The Register

• Critical Vulnerabilities Force Twitter Alternative Hive Social Offline | SecurityWeek.Com

• Does Hive's Security Problem Make It Unsafe to Use? (lifehacker.com)

• Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)

• US States label TikTok a malicious and menacing threat • The Register

Training, Education and Awareness

• Making Cyber-awareness Training And Spoofing Protection Mandatory In The Digital Workplace - Information Security Buzz

• Engage your employees with better cyber security training - Help Net Security

• Lack of Cyber security Expertise Poses Threat for Public-Safety Orgs (darkreading.com)

• 4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat

Parental Controls and Child Safety

• US Sues TikTok Over Child Safety and Data Security Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Are Parents Feeding Kids’ Data To Threat Actors? Expert Comments - Information Security Buzz

Regulations, Fines and Legislation

• Five companies fined over £400,000 for targeting over-60s with illegal marketing calls | UK News | Sky News

• UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)

• What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)

Governance, Risk and Compliance

• Cyber security Risk Management In The Real World - Information Security Buzz

• Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security

• Cyber security Plan: 3 Keys for CISOs (trendmicro.com)

Models, Frameworks and Standards

• Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)

• PCI Secure Software Standard 1.2 released - Help Net Security

• How compliance leaders can encourage employees to report misconduct - Help Net Security

• The changing role of the MITRE ATT@CK framework | CSO Online

• Don't Wait to Become CMMC Compliant - Information Security Buzz

• Three Ways to Improve Defence Readiness Using MITRE D3FEND | SecurityWeek.Com

Data Protection

• Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)

• How companies time data leak disclosures - Help Net Security

• What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)

Careers, Working in Cyber and Information Security

• 5 top qualities you need to become a next-gen CISO | CSO Online

Law Enforcement Action and Take Downs

• Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)

• Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The Privacy War Is Coming (darkreading.com)

• Apple Faces Critics Over Its Privacy Policies | SecurityWeek.Com

• Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian

• Apple announces new security and privacy measures amid surge in cyber-attacks | Apple | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• NATO Readies for Cyber War: Simulation Shows Unified Front Against Attack - MSSP Alert

• Microsoft warns of Russian cyber attacks throughout the winter (bleepingcomputer.com)

• Microsoft warning after DDoS attack disrupts Russian bank • The Register

• Lessons from Russia’s cyber-war in Ukraine | The Economist

• Russian Espionage APT Callisto Focuses on Ukraine War Support Organisations | SecurityWeek.Com

• Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs (darkreading.com)

• Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict (substack.com)

• Russian Hackers Use Western Networks to Attack Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware was used to hack reporters’ phones. I’m suing its creators | Nelson Rauda Zablah | The Guardian

Nation State Actors

Nation State Actors – Russia

• Microsoft encourages 'strong cyber hygiene' in light of increasing Russian cyber attacks | PC Gamer

• Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier (thehackernews.com)

• The surprising ineffectiveness of Russia’s cyber-war | The Economist

Nation State Actors – China

• Chinese Government Linked Hackers Swiped $20M in Targeted Pandemic Funds, Secret Service Says - MSSP Alert

• Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities (thehackernews.com)

• Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (thehackernews.com)

• Chinese hackers stole millions worth of US COVID relief money, Secret Service says | Reuters

• Amnesty International Canada breached by suspected Chinese hackers (bleepingcomputer.com)

• China Operates More Than 100 Secret 'Police Stations' Globally: Report (businessinsider.com)

• US Congress rolls back proposal to restrict use of Chinese chips | Computerworld

Nation State Actors – North Korea

• North Korean tech freelancers' earnings fund nukes, missiles • The Register

• North Korean Hackers Spread AppleJesus Malware Disguised as Cryptocurrency Apps (thehackernews.com)

• Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com

• APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)

• Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)

• North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

Nation State Actors – Iran

• Iranian APT Targets US With Drokbk Spyware via GitHub (darkreading.com)

• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (thehackernews.com)

• Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics (thehackernews.com)

• UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives | CNN

• Iran Arrests News Agency Deputy After Reported Cyber attack | SecurityWeek.Com

Vulnerabilities

• Attackers take over expired domain to deliver web skimming scripts - Help Net Security

• Google discovers Windows exploit framework used to deploy spyware (bleepingcomputer.com)

• Cisco discloses high-severity IP phone bug with exploit code (bleepingcomputer.com)

• Google Chrome emergency update fixes 9th zero-day of the year (bleepingcomputer.com)

• Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com

• For Cyber attackers, Popular EDR Tools Can Turn into Destructive Data Wipers (darkreading.com)

• A new Linux flaw can be chained with other two bugs to gain full root privileges - Security Affairs

• Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com

• Google Chrome Flaw Added to CISA Patch List (darkreading.com)

• Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com

• Research reveals where 95% of open source vulnerabilities lie - Help Net Security

• Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)

• Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)

• Multiple Zero Days Discovered In Leading Antivirus And Endpoint Solutions (informationsecuritybuzz.com)

• APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)

• WAFs of Several Major Vendors Bypassed With Generic Attack Method | SecurityWeek.Com

• Google Chrome zero-day exploited in the wild (CVE-2022-4262) - Help Net Security

• Sophos fixed a critical flaw in its Sophos Firewall version 19.5 - Security Affairs

Tools and Controls

• Security pros feel threat detection and response workloads have increased - Help Net Security

• Single Sign-on: It's Only as Good as Your Ability to Use It (darkreading.com)

• Leveraging the full potential of zero trust - Help Net Security

• Understanding malware analysis and its challenges | TechTarget

• Using XDR to Consolidate and Optimize Cyber security Technology (thehackernews.com)

Reports Published in the Last Week

• The promise of Open Everything (axway.com)

• Security Outcomes Report, Volume 3 - Cisco

• ENISA Threat Landscape 2022 — ENISA (europa.eu)

Other News

• Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet | SecurityWeek.Com

• Where Advanced Cyber attackers Are Heading Next: Disruptive Hits, New Tech (darkreading.com)

• 43 Trillion Security Data Points Illuminate Our Most Pressing Threats (darkreading.com)

• 7 reasons why you must embed trust into the core of your business - Help Net Security

• Most convicted terrorists radicalised online, finds MoJ-backed study | UK security and counter-terrorism | The Guardian

• Risky online behaviour ‘almost normalised’ among young people, says study | Internet | The Guardian

• Top 7 factors boosting enterprise cyber security resilience - Help Net Security

• Machine Learning Models: A Dangerous New Attack Vector (darkreading.com)

• Microsoft's rough 2022 security year in review | CSO Online

• Consumers want convenience without sacrificing security - Help Net Security

• 4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat

• 3 of the Worst Data Breaches in the World That Could Have Been Prevented  - Security Affairs

• Removing the Barriers to Security Automation Implementation | SecurityWeek.Com

• Cyber security Should Focus on Managing Risk (darkreading.com)

• Deal with sophisticated bot attacks: Learn, adapt, improve - Help Net Security

• Want to detect Cobalt Strike? Look to process memory • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats

In research conducted in the summer of 2022 by BlackBerry, the findings describe the situation facing organisations regardless of size or vertical.

The survey of 405 senior IT, networking, and security decision-makers in the US, Canada, and the UK revealed 83% of organisations agreed building cyber security programs is expensive due to required tools, licenses, and personnel, and 80% agreed it’s challenging to fill specialised security roles. Most organisations (78%) have an incident management process, but about half (49%) agree they lack the teams and tools to be effective 24x7x365. Evolving security threats (53%) and the task of integrating new technology (53%) are cited as top challenges in maintaining security posture.

While it’s likely these findings surprise no one, they do reveal the challenges facing organisations who are caught between limited resources and increased risk. The urgency increases if we look at the critical infrastructure that keeps things running–like utilities, banks, transportation, key suppliers, industrial controls, and more.

https://www.msspalert.com/cybersecurity-guests/research-finds-organizations-lack-tools-and-teams-to-address-cybersecurity-threats/

• Some 98% of Global Firms Suffer Supply Chain Breach in 2021

Just 2% of global organisations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.

The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.

It found the top challenges listed by respondents were:

• Awareness internally that third-party suppliers are part of their cyber security posture

• Meeting regulatory requirements and ensuring third-party cyber security compliance

• Working with third-party suppliers to improve their posture.

Supply chains are growing: the number of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%. Although 53% of organisations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.

Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved. Just 3% monitor their supply chain daily, although the number of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.

With the escalating threat landscape and number of high-profile incidents being reported, firms should focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand.

https://www.infosecurity-magazine.com/news/98-global-firms-supply-chain/

• Only 30% of Cyber Insurance Holders Say Ransomware is Covered

Cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.

The security vendor polled 300 US-based IT decision makers to compile its latest report, Cyber insurance: if you get it be ready to use it.

Although 93% were approved for specialised cyber insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments. Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.

That may be because many organisations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.

As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.

Half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.

However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls.

Cyber insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected. They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we're already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.

https://www.infosecurity-magazine.com/news/cyberinsurance-ransomware-cover/

• Companies Hit by Ransomware Often Targeted Again, Research Says

It has been reported that more than a third of companies who paid a ransom to cyber criminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.

The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.

The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.

The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.

https://informationsecuritybuzz.com/companies-hit-by-ransomware-often-targeted-again-research-says-and-expert-comments/

• Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz

According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.

There were a record 623 million attacks in 2021, which was double that of 2020, says Allianz.

It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period. Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.

It adds that from an Allianz perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.

The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.

Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.

Many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.

Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risks of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.

https://www.reinsurancene.ws/ransomware-remains-top-cyber-risk-for-organisations-globally-says-allianz/

• How Geopolitical Turmoil Changed the Cyber Security Threat Landscape

ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.

With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.

However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.

EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cyber security threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”

State sponsored, cyber crime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.

ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.

• Ransomware: 60% of affected organisations may have paid ransom demands

• Malware: 66 disclosures of zero-day vulnerabilities observed in 2021

• Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing

• Threats against data: Increasing in proportionally to the total of data produced

• Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service

• Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

• Threats against availability:

  • Largest denial of service (DDoS) attack ever was launched in Europe in July 2022

  • Internet: destruction of infrastructure, outages and rerouting of internet traffic.

https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/

• Swiss Re Wants Government Bail Out as Cyber Crime Insurance Costs Spike

As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.

Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.

Meanwhile, annual cyber attack-related losses total about $945 billion globally, and about 90% of that risk remains uninsured, according to insurance researchers at the Geneva Association.

While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021.

https://www.theregister.com/2022/11/08/government_cyber_insurance/

• Extortion Economics: Ransomware's New Business Model

Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialised roles in service of ill-gotten gains.

Did you know that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cyber criminals have become emboldened by the underground ransomware economy.

And yet many threat actors work within a relatively small and interconnected ecosystem of players. This pool of cyber criminals has created specialised roles and consolidated the cyber crime economy, fuelling ransomware-as-a-service (RaaS) to become the dominant business model. In doing so, they've enabled a wider range of criminals to deploy ransomware regardless of their technical expertise and forced all of us to become cyber security defenders in the process.

Ransomware takes advantage of existing security compromises to gain access to internal networks. In the same way businesses hire gig workers to cut costs, cyber criminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.

This flourishing RaaS economy allows cyber criminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. What we think of as ransomware gangs are actually RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and payloads.

RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs can have 50 or more "affiliates," as they refer to their users, with varying tools, tradecraft, and objectives. Anyone with a laptop and credit card who is willing to search the Dark Web for penetration-testing tools or out-of-the-box malware can join this maximum efficiency economy.

https://www.darkreading.com/microsoft/extortion-economics-ransomware-s-new-business-model

• Confidence in Data Recovery Tools Low

A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organisations struggle to recover after an attack. In the survey, 85% of the respondents said their organisations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.

"A majority of organisations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.

Data resiliency is such an important element of cyber security that 96% of respondents considered it a top priority for their organisations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."

When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated. A plan might seem to cover everything, but then you realise that you lost your backup or can't find the latest restore point.

The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organisation will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defences rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disaster recovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.

The report lists three key performance indicators that reveal the success of an organisation's recovery from a cyber attack:

• The ability to fully recover encrypted or deleted data without paying a ransom.

• Zero data loss in the process of recovering the data.

• Rapid recovery as defined by applicable service-level requirements.

When a recovery fails to meet these criteria, then the organisation may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity.

https://www.darkreading.com/tech-trends/confidence-in-data-recovery-tools-low

• Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus

Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbour the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cyber criminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.

New research presented at the Cyberwarcon security conference in Arlington, Virginia, this week looked at the frequency and targeting of ransomware attacks against organisations based in the United States, Canada, the United Kingdom, Germany, Italy, and France in the lead-up to these countries' national elections. The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.

The project analysed a data set of over 4,000 ransomware attacks perpetrated against victims in 102 countries between May 2019 and May 2022. The analysis showed a statistically significant increase in ransomware attacks from Russia-based gangs against organisations in the six victim countries ahead of their national elections. These nations suffered the most total ransomware attacks per year in the data set, about three-quarters of all the attacks.

The data was used to compare the timing of attacks for groups believed to be based out of Russia and groups based everywhere else. They looked at the number of attacks on any given day, and what they found was an interesting relationship where for these Russia-based groups, there was an increase in the number of attacks starting four months before an election and moving three, two, one month in, up to the event.

The findings showed broadly that non-Russian ransomware gangs didn't have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organisations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.

https://www.wired.com/story/russia-ransomware-gang-connections/

• Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs

Twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organisation.

The data comes from workforce cyber intelligence and security company Dtex, which published a report about top insider risk trends for 2022. “Customer data, employee data, health records, sales contacts, and the list goes on,” reads the document. “More and more applications are providing new features that make data exfiltration easier. For example, many now provide the ability to maintain clipboard history and sync across multiple devices.”

Case in point, the report also suggests a 55% increase in unsanctioned application usage, including those making data exfiltration easier by allowing users to maintain clipboard history and sync IP across multiple devices. “Bring Your Own Applications (BYOA) or Shadow IT can be a source of intelligence for business innovation,” Dtex wrote. “Still, they pose a major risk if the security team has not tested these tools thoroughly.”

Further, the new data highlight a 20% increase in resignation letter research and creation from employees taking advantage of the tight labour market to switch positions for higher wages.

“In most cases, an individual planning to leave the business is not pleased with the company’s product, co-workers, work environment, or compensation,” reads the report. “Disgruntled employees are usually jaded by a business that has not shown any steps to alleviate concerns, even after communication attempts.”

Finally, the Dtex report says the industry has witnessed a 200% increase in unsanctioned third-party work on corporate devices from a high prevalence of employees engaged in side gigs.

https://www.infosecurity-magazine.com/news/12-of-employees-take-ip-when/

• Why a Clear Cyber Policy is Critical for Companies

In October, Joe Sullivan, Uber’s former head of security, was convicted of covering up a 2016 data breach at the ride hailing giant by hiding details from US regulators and then paying off the hackers.

It was a trial followed nervously by cyber security professionals around the world — coming eight years after an incident that had compromised the personal information of more than 57mn people.

“Any news about another company dealing with a data security incident can strike a bit of fear across industries,” notes Mary Pothos, chief privacy officer at digital travel company Booking.com. She adds that incidents like these cause “many companies to pause, rethink or revisit their internal processes to make sure that they are operating effectively”.

These incidents, and threats, are growing at lightning speed, too. War in Ukraine is now being played out as much in cyber space as on the battlefield. The Covid pandemic has forced businesses to rethink where their employees work, and handle or access data. At the same time, the sheer number of web-connected devices is multiplying.

“We need to be people who can predict what is coming along the line, predict the future, almost” said Victor Shadare, head of cyber security at media company Condé Nast, at a recent FT event on cyber security.

Palo Alto Networks, a specialist security company, found that cyber extortion grew rapidly in 2021. Some 35 new ransomware gangs emerged, the average ransom demand increasing 144 per cent that year to $2.2mn, and the average payment rose by 78 per cent to $541,010.

Meanwhile, cyber security personnel have found themselves hemmed in by increasingly onerous regulations. These include threats of legal action if the right people are not informed about breaches, or if products come to market that are not safe enough. On September 15, for example, the European Commission presented a proposal for a new Cyber Resilience Act to protect consumers from products with inadequate security features.

“New domains of security have sprung up over the past years, so it’s not just an information technology problem any more, it’s really a full company risk issue,” says Kevin Tierney, vice-president of global cyber security at automotive group General Motors. He warns that automated and connected vehicles have thrown up additional threats to be addressed.

“You have to start out with the right governance structure and the right policies and procedures — that’s step one of really getting the company to understand what it needs to do,” he says. These include clear rules on how to disable access to tech equipment, on data protection and storage, on transferring and disposing of data, on using corporate networks, and on reporting any data breaches.

Security experts also tend to agree that there need to be robust systems of governance and accountability, to prevent the sort of trouble that befell Sullivan at Uber. Perhaps most crucially, staff across the organisation, from C-suite to assistants, need to know how to spot and manage a threat.

https://www.ft.com/content/0bb6df09-7d77-4605-aac3-89443ed65a18

Threats

Ransomware and Extortion

• Medibank: Hackers release abortion data after stealing Australian medical records - BBC News

• Medical data hacked from 10m Australians begins to appear on dark web | World news | The Guardian

• HSE cyber attack: More than 100,000 people whose personal data stolen to be contacted – The Irish Times

• How ransomware gangs and malware campaigns are changing - Help Net Security

• Thales confirms hackers have released its data on the dark web | Reuters

• More NHS dentists could be forced to close after major cyber attack leaves some nearing financial ruin (inews.co.uk)

• Most SMBs Fear Ransomware Attack Amid Heightened Geopolitical Tensions - MSSP Alert

• Australia to consider banning paying of ransoms to cyber criminals | Reuters

• LockBit gang claims to have stolen data from Kearney & Company - Security Affairs

• Azov Ransomware is a wiper, destroying data 666 bytes at a time (bleepingcomputer.com)

• Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million | SecurityWeek.Com

• Canadian food retail giant Sobeys hit by Black Basta ransomware (bleepingcomputer.com)

• LockBit affiliate uses Amadey Bot malware to deploy ransomware (bleepingcomputer.com)

• Man Arrested in Ontario For Alleged LockBit Ransomware Involvement - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

• Conti Affiliates Black Basta, BlackByte Continue to Attack Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• US Health Dept warns of Venus ransomware targeting healthcare orgs (bleepingcomputer.com)

• Ransomware attacks on hospitals take toll on patients (nbcnews.com)

• Hackers post Hereford schoolchildren's data records on dark web | Hereford Times

• CISA and Spain Partnership to Develop Tool to Help Countries Combat Ransomware - MSSP Alert

Phishing & Email Based Attacks

• What is no-hook phishing? | IT PRO

• Phishing threats are increasingly convincing and evasive - Help Net Security

• Robin Banks phishing-as-a-service platform continues to evolve - Security Affairs

• Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)

• Massive Phishing Campaigns Target India Banks’ Clients (trendmicro.com)

BEC – Business Email Compromise

• Instagram star gets 11 years for $300m BEC conspiracy • The Register

Malware

• Advanced RAT AgentTesla Most Prolific Malware in October - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)

• Cloud9 Malware Offers a Paradise of Cyber attack Methods (darkreading.com)

• More malware is being hidden in PNG images, so watch out | TechRadar

• Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | SecurityWeek.Com

• Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com)

• New hacking group uses custom 'Symatic' Cobalt Strike loaders (bleepingcomputer.com)

• New StrelaStealer malware steals your Outlook, Thunderbird accounts (bleepingcomputer.com)

Mobile

• 5 Common Smartphone Security Myths, Debunked (makeuseof.com)

• Oh, look: More malware in the Google Play store • The Register

• Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan - Security Affairs

• Malicious droppers on Google Play deliver banking malware to victims - Help Net Security

• Samsung phones are being targeted by some seriously shady zero-days | TechRadar

• Vultur Android Banking Trojan Reaches 100,000+ Downloads on Google Play Store - Infosecurity Magazine (infosecurity-magazine.com)

• New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)

• Worok hackers hide new malware in PNGs using steganography (bleepingcomputer.com)

Internet of Things – IoT

• Cyber security 'Nutrition' Labels Still a Work in Progress (darkreading.com)

• Knock, Knock: Aiphone Bug Allows Cyber attackers to Literally Open (Physical) Doors (darkreading.com)

Organised Crime & Criminal Actors

• Cyberwar and Cyber crime Go Hand in Hand (darkreading.com)

• An initial access broker claims to have hacked Deutsche Bank - Security Affairs

• Cyber crime costs to hit $10.5tn by 2025 hears Saudi forum - Arabian Business

• 4 Types of Cyber Crime Groups (trendmicro.com)

• Cyber crime Group OPERA1ER Stole $11M From 16 African Businesses (darkreading.com)

• Instagram star gets 11 years for $300m BEC conspiracy • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX says it is probing ‘abnormal transactions’ after potential hack | Financial Times

• Kraken's CSO Claims To Have Identified The $600 Million FTX Hacker (coingape.com)

Insider Risk and Insider Threats

• The 'Great Resignation' Caused Insider Threats to Peak in Q3 2022, Kroll Finds - Infosecurity Magazine (infosecurity-magazine.com)

Fraud, Scams & Financial Crime

• Fifth Of 18 To 34-year-olds Have Fallen Victim To Financial Scams – Information Security Buzz

• Ukrainian Cyber Cops Bust $200m Fraud Ring - Infosecurity Magazine (infosecurity-magazine.com)

• Retail Sector Prepares for Annual Holiday Cyber crime Onslaught (darkreading.com)

• Online payment fraud is evolving - Help Net Security

• US seized 18 web domains used for recruiting money mules (bleepingcomputer.com)

Insurance

• Rising cost of cyber attacks sends insurance policy charges soaring | Financial Times (ft.com)

• Just 25% of businesses are insured against cyber attacks. Here's why (theconversation.com)

• Re-Focusing Cyber Insurance with Security Validation (thehackernews.com)

• Swiss Re: Cyber-Insurance Industry Must Reform - Infosecurity Magazine (infosecurity-magazine.com)

Dark Web

• DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs

• Silk Road drugs market hacker pleads guilty, faces 20 years inside – Naked Security (sophos.com)

Supply Chain and Third Parties

• Evolving From Third-Party Risk Management To The Extended Enterprise – Information Security Buzz

Hybrid Working

• Remote work pushes video conferencing security to the fore - Help Net Security

Attack Surface Management

• Managing and Mitigating Risk From Unknown Unknowns (darkreading.com)

Identity and Access Management

• A Better Way to Resist Identity-Based Cyber Threats (darkreading.com)

API

• Top 5 API Security Myths That Are Crushing Your Business (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Microsoft Password Hacking Increase – Information Security Buzz

• False sense of safety undermines good password hygiene - Help Net Security

• Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen | ZDNET

Social Media

• Twitter C-Level Resignations Continue As Blue Program Creates New Cyber-Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter blue check unavailable after impostor accounts erupt on platform | Twitter | The Guardian

• Twitter chief information security officer Lea Kissner departs | TechCrunch

Privacy, Surveillance and Mass Monitoring

• World Cup apps pose a data security and privacy nightmare • The Register

• Surveillance 'Existential' Danger of Tech: Signal Boss | SecurityWeek.Com

Regulations, Fines and Legislation

• SEC Announces 'Enforcement Action' For SolarWinds Over 2020 Hack - Infosecurity Magazine (infosecurity-magazine.com)

• Experian, T-Mobile fined $16m for spilling 18m people's data • The Register

Careers, Working in Cyber and Information Security

• Three million empty seats: What can we do about the cyber skills shortage? (computerweekly.com)

• Cyber security, cloud and coding: Why these three skills will lead demand in 2023 | ZDNET

• Cyber security leaders want to quit. Here's what is pushing them to leave | ZDNET

Law Enforcement Action and Take Downs

• DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyberwar and Cyber crime Go Hand in Hand (darkreading.com)

• Red Cross seeks digital equivalent of its emblems • The Register

• Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless | WIRED

• EU calls for joint cyber defence in response to Russia • The Register

• Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft | SecurityWeek.Com

• What Ukraine’s cyber defence tactics can teach other nations | Financial Times (ft.com)

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

• APT29 abused Windows Credential Roaming in attacks - Security Affairs

• Android RAT Group Targets Indian Defence Personnel - Infosecurity Magazine (infosecurity-magazine.com)

• Dutch MEP says illegal spyware ‘a grave threat to democracy’ | European Commission | The Guardian

• Greece Is Banning Spyware After Predator Phone-Tapping Scandal (gizmodo.com)

• British embassy security guard David Smith admits spying for Russia - BBC News

Nation State Actors

Nation State Actors – Russia

• EU calls for joint cyber defence in response to Russia • The Register

• Ukraine war: Russians kept in the dark by internet search - BBC News

• Microsoft links Russia’s military to cyber attacks in Poland and Ukraine | Ars Technica

• Putin ally Yevgeny Prigozhin admits interfering in US elections | Russia | The Guardian

• Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs

Nation State Actors – China

• New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)

Nation State Actors – Misc

• Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)

Vulnerability Management

• Why CVE Management as a Primary Strategy Doesn't Work (darkreading.com)

• Why it's time to review your Microsoft patch management options | CSO Online

• Risk-Based Vulnerability Management: Understanding the RBVM Trend (darkreading.com)

• How can CISOs catch up with the security demands of their ever-growing networks? - Help Net Security

• Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)

• Types of vulnerability scanning and when to use each (techtarget.com)

Vulnerabilities

• Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws (bleepingcomputer.com)

• VMware fixes three critical auth bypass bugs in remote access tool (bleepingcomputer.com)

• Citrix ADC and Citrix Gateway are affected by a critical auth bypass - Security Affairs

• Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products | SecurityWeek.Com

• Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | SecurityWeek.Com

• Apple out-of-band patches fix RCE bugs in iOS and macOS - Security Affairs

• Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (bleepingcomputer.com)

• SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 | SecurityWeek.Com

• Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica

• Foxit Patches Several Code Execution Vulnerabilities in PDF Reader | SecurityWeek.Com

• LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover | SecurityWeek.Com

Reports Published in the Last Week

• 2022 Cloud Data Security Report - Help Net Security

• Report on DDoS attacks in Q3 2022 | Securelist

• Cyber security Trends Report: Check Point Software Predicts Hikes in Hacking and Exploits - MSSP Alert

• Data Security Trust is Down, Anxiety is Up, Rubrik Zero Labs Reports - MSSP Alert

Other News

• Majority of Security Managers Lack Threat Intelligence Skills - Infosecurity Magazine (infosecurity-magazine.com)

• What Is Threat Hunting? A Definition for MSPs and Channel Partners - MSSP Alert

• Cyber security: These are the new things to worry about in 2023 | ZDNET

• Cyber Professionals Now Tasked with Securing Society, Says Mikko Hyppönen - Infosecurity Magazine (infosecurity-magazine.com)

• Corporations Confident in Data Protection Programs but Scrutiny is Lacking, New Report Finds - MSSP Alert

• What We Really Mean When We Talk About ‘Cyber security’ (darkreading.com)

• Personal cyber security is now a company problem - Help Net Security

• History of Computer Viruses & Malware | What Was Their Impact? (esecurityplanet.com)

• 5 Reasons to Consolidate Your Tech Stack (thehackernews.com)

• Attacks on Microsoft SQL have seen a huge rise | TechRadar

• Cookies for MFA Bypass Gain Traction Among Cyber attackers (darkreading.com)

• 2FA, 3FA, MFA… What does it all mean? - Help Net Security

• Qatar World Cup Firms Urged to Upgrade Cyber-Threat Model - Infosecurity Magazine (infosecurity-magazine.com)

• Common lateral movement techniques and how to prevent them (techtarget.com)

• Beyond the Pen Test: How to Protect Against Sophisticated Cyber criminals (darkreading.com)

• Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one colour - Help Net Security

• 5 ways to overcome multifactor authentication vulnerabilities (techtarget.com)

• The security dilemma of data sprawl - Help Net Security

• 15,000 sites hacked for massive Google SEO poisoning campaign (bleepingcomputer.com)

• Unencrypted Traffic Still Undermining Wi-Fi Security (darkreading.com)

• Researchers Devise Wi-Peep Drone That Can 'See Through Walls' (gizmodo.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.