Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 April 2023
Black Arrow Cyber Threat Briefing 28 April 2023:
- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key
- Shadow IT, SaaS Pose Security Liability for Enterprises
- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
- Over 70 billion Unprotected Files Available on Unsecured Web Servers
- Cyber Thieves Are Getting More Creative
- Modernising Vulnerability Management: The Move Toward Exposure Management
- Almost Three-quarters of Cyber Attacks Involve Ransomware
- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
- Email Threat Report 2023: Key Takeaways
- 5 Most Dangerous New Attack Techniques
- Many Public Salesforce Sites are Leaking Private Data
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key
Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.
Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.
Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.
Shadow IT, SaaS Pose Security Liability for Enterprises
There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.
A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.
To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.
https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises
The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.
According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.
Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.
The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.
Over 70 Billion Unprotected Files Available on Unsecured Web Servers
A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.
The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.
Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/
Cyber Thieves Are Getting More Creative
Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.
Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.
https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative
Modernising Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.
Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.
As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.
https://thehackernews.com/2023/04/modernizing-vulnerability-management.html
Two-thirds of Cyber Attacks Involve Ransomware
A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.
Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).
Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.
When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.
https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/
NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.
Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.
https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/
Email Threat Report 2023: Key Takeaways
According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.
With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.
https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/
5 Most Dangerous New Attack Techniques
Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.
The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.
https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.
It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Threats
Ransomware, Extortion and Destructive Attacks
New coercive tactics used to extort ransomware payments - Help Net Security
Almost three-quarters of cyber attacks involve ransomware | Computer Weekly
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)
Tank storage company Vopak hacked, Ransomware groups report | NL Times
Health insurer Point32Health suffered a ransomware attack-Security Affairs
Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser
RSAC speaker offers ransomware victims unconventional advice | TechTarget
How ransomware victims can make the best of a bad situation | TechTarget
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
CommScope employees left in the dark after ransomware attack | TechCrunch
Phishing & Email Based Attacks
How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)
BEC – Business Email Compromise
2FA/MFA
CrowdStrike details new MFA bypass, credential theft attack | TechTarget
Phishing-resistant MFA shapes the future of authentication forms - Help Net Security
Malware
Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)
Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)
EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)
Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)
This evil malware disables your security software, then goes in for the kill | TechRadar
Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Mobile
WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)
'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)
American Bar Association (ABA) suffered a data breach-Security Affairs
Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)
Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)
Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)
Vantage Travel Experiences Data Security Incident (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
The IRS is sending four investigators across the world to fight cyber crime | TechCrunch
US deploys more cyber forces abroad to help fight hackers | Reuters
The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
That 3CX supply chain attack keeps getting worse • The Register
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
North Korean hackers breach software firm in significant cyber attack | CNN Politics
SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)
A third-party’s perspective on third-party InfoSec risk management - Help Net Security
Software Supply Chain
Cloud/SaaS
Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)
Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)
How CISOs navigate security and compliance in a multi-cloud world - Help Net Security
Security experts found a major bug in Google Cloud | TechRadar
Most SaaS adopters exposed to browser-borne attacks - Help Net Security
Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)
Google accounts attacked and hijacked by this devious security flaw | TechRadar
Containers
Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Attack Surface Management
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Study of past cyber attacks can improve organisations' defence strategies - Help Net Security
Shadow IT
Identity and Access Management
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Open Source
The double-edged sword of open-source software - Help Net Security
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security
A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)
Social Media
Malvertising
Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Training, Education and Awareness
Digital Transformation
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business
The strong link between cyber threat intelligence and digital risk protection | CSO Online
Organisations are stepping up their game against cyber threats - Help Net Security
CISOs: unsupported, unheard, and invisible - Help Net Security
The Relationship Between Security Maturity and Business Enablement | CSO Online
CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
Good, Better And Best Security (informationsecuritybuzz.com)
SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)
Law Enforcement Action and Take Downs
To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop
US to focus on stifling cyber attacks, not convictions • The Register
US deploys more cyber forces abroad to help fight hackers | Reuters
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)
Cyber security Survival: Hide From Adversarial AI (darkreading.com)
AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)
NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED
From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)
ChatGPT fans need 'defensive mindset' to avoid scammers • The Register
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)
Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch
Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)
Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent
Eurocontrol says website 'under attack' by pro-Russia crew • The Register
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Nation State Actors
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
North Korean hackers breach software firm in significant cyber attack | CNN Politics
China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)
NCSC raises alert on cyber threat to infrastructure | UKAuthority
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)
APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)
Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online
Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)
Vulnerabilities
New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)
Flaw in Microsoft Process Explorer under active attack • The Register
APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)
Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)
Security experts found a major bug in Google Cloud | TechRadar
TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)
SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek
VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)
Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)
Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)
PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Tools and Controls
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Six Key Considerations When Choosing a Web Application Firewall - Security Boulevard
The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)
Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online
GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch
Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)
Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)
CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security
Generative AI and security: Balancing performance and risk - Help Net Security
CISA aims to reduce email threats with serial CDR prototype | TechTarget
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Reports Published in the Last Week
Other News
The threat from commercial cyber proliferation - NCSC.GOV.UK
Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)
Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)
Attackers are logging in instead of breaking in - Help Net Security
38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek
The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 31 March 2023
Black Arrow Cyber Threat Briefing 31 March 2023:
-Phishing Emails Up a Whopping 569% in 2022
-The End User Password Mistakes Putting Your Organisation at Risk
-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
-71% of Employees Keep Work Passwords on Personal Devices
-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
-Security Flaws Cost Fifth of Executive’s Businesses
-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
-Only 10% of Workers Remember All Their Cyber Security Training
-Silence Gets You Nowhere in a Data Breach
-Just 1% of Cloud Permissions are Actively Used
-Dangerous Misconceptions About Emerging Cyber Threats
-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Phishing Emails Up a Whopping 569% in 2022
The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.
https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
The End User Password Mistakes Putting Your Organisation at Risk
Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.
Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.
https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse
71% of Employees Keep Work Passwords on Personal Devices
71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/
Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.
Security Flaws Cost Fifth of Executives New Business
Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.
https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/
Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.
Only 10% of Workers Remember All Their Cyber Security Training
New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.
Silence Gets You Nowhere in a Data Breach
In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.
https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/
Just 1% of Cloud Permissions are Actively Used
According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.
https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/
Dangerous Misconceptions About Emerging Cyber Threats
Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.
https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/
‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.
https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/
Threats
Ransomware, Extortion and Destructive Attacks
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
Publicly disclosed US ransomware attacks in 2023 | TechTarget
Virgin Group added to Cl0p gang’s victim leak site | Cybernews
New York law firm coughs up $200k after hospital data stolen • The Register
Telecom giant Lumen suffered a ransomware attack-Security Affairs
Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica
DarkBit puts data from Israel’s Technion university on sale | CSO Online
Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
Children’s data feared stolen in Fortra ransomware attack | TechCrunch
Phishing & Email Based Attacks
Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
BEC – Business Email Compromise
BEC scammers are after physical goods, the FBI warns - Help Net Security
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)
FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
MacStealer macOS malware appears in cyber crime underground--Security Affairs
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin
North Korean malware-spreading, crypto-stealing gang named • The Register
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)
AlienFox malware caught in the cloud hen house • The Register
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Google again accused of destroying evidence in Android case • The Register
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile
iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
This devious cyber attack can target all your smart speakers without you realizing | TechRadar
Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register
Data Breaches/Leaks
Fortra told breached companies their data was safe | TechCrunch
Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)
New York law firm coughs up $200k after hospital data stolen • The Register
Toyota scrambles to patch customer data leak-Security Affairs
500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Insider Risk and Insider Threats
Only 10% of workers remember all their cyber security training - IT Security Guru
Data loss from insider events increase despite IRM programs, says study | CSO Online
Stop Blaming the End User for Security Risk (darkreading.com)
Fraud, Scams & Financial Crime
Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Deepfakes
AML/CFT/Sanctions
Insurance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
Supply Chain and Third Parties
Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
Cloud/SaaS
Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
Balancing security risks and innovation potential of shadow IT teams - Help Net Security
AlienFox malware caught in the cloud hen house • The Register
Hybrid/Remote Working
Cyber security focus in second Digital Europe work programme – EURACTIV.com
More companies are watching their remote workers WFH on camera | Fortune
Shadow IT
Identity and Access Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)
New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru
Social Media
Training, Education and Awareness
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
How cyber security decision-makers perceive cyber resilience - Help Net Security
NCSC issues revised security Board Toolkit for business leaders | Computer Weekly
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)
UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek
FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
More companies are watching their remote workers WFH on camera | Fortune
Artificial Intelligence
'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns - SecurityWeek
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek
AI-fuelled search gives more power to the bad guys | CSO Online
Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat
Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
AI has figured out how to draw deepfake hands | The Independent
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)
In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)
Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)
Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)
Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica
Russian spies more effective than army, say experts - BBC News
Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian
Nation State Actors
Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
China urges Apple to improve security and privacy • The Register
North Korean malware-spreading, crypto-stealing gang named • The Register
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Vulnerability Management
What you need before the next vulnerability hits - Help Net Security
Vulnerability management vs. risk management, compared | TechTarget
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Ignoring network automation is a ticking time bomb for security - Help Net Security
Vulnerabilities
Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)
QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs
Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)
Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs
OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs
Tools and Controls
Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Prioritizing data security amid workforce disruptions - Help Net Security
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
For database security it's down to people, not tech fixes • The Register
Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security
Understanding adversaries through dark web intelligence - Help Net Security
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories
Compare breach and attack simulation vs. penetration testing | TechTarget
Ignoring network automation is a ticking time bomb for security - Help Net Security
Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)
Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)
Protect your entire business with the right authentication method - Help Net Security
Microsoft Defender is flagging legit URLs as malicious • The Register
Managing security in the cloud through Microsoft Intune | CSO Online
Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
The best defence against cyber threats for lean security teams - Help Net Security
Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security
The foundation of a holistic identity security strategy - Help Net Security
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Other News
Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online
WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
Microsoft uses carrot and stick with Exchange Online admins • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 September 2022
Black Arrow Cyber Threat Briefing 30 September 2022:
-UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
-Cyber Criminals See Allure in BEC Attacks Over Ransomware
-Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
-Global Firms Deal with 51 Security Incidents Each Day
-Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
-Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack?
-Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
-More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
-How To Outsmart Increasingly Complex Cyber Attacks
-Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
-Cyber Threats Top Business Leaders' Biggest Concerns
-Fired Admin Cripples Former Employer's Network Using Old Credentials
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.
Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”
Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.
Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.
In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.
Cyber Criminals See Allure in BEC Attacks Over Ransomware
While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.
BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.
Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.
Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.
The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.
For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.
https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware
Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.
The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.
When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.
Global Firms Deal with 51 Security Incidents Each Day
Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.
The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.
It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”
Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.
This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.
Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.
https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/
Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.
The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.
The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.
But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.
https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter
Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack
According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.
The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.
From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.
Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.
First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.
Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.
Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.
Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.
The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.
Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.
In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.
Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.
Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.
Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.
The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.
Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).
Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).
https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
How To Outsmart Increasingly Complex Cyber Attacks
Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.
Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now.
Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate.
https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/
Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.
While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”
As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.
https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/
Cyber Threats Top Business Leaders' Biggest Concerns
Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.
This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.
The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.
However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.
Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.
Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.
Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.
https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/
Fired Admin Cripples Former Employer's Network Using Old Credentials
After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.
Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.
Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
Threats
Ransomware and Extortion
Ransomware data theft tool may show a shift in extortion tactics (bleepingcomputer.com)
The various ways ransomware impacts your organization - Help Net Security
New Royal Ransomware emerges in multi-million dollar attacks (bleepingcomputer.com)
Research: 20% of All Reported Ransomware Attacks Occurred in the Last 12 Months - MSSP Alert
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (thehackernews.com)
Noberus ransomware gets info-stealing upgrades • The Register
SQL Server admins warned to watch for Fargo ransomware • The Register
BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (darkreading.com)
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (bleepingcomputer.com)
NCC Group: IceFire ransomware gang ramping up attacks (techtarget.com)
MS SQL servers are getting hacked to deliver ransomware to orgs - Help Net Security
Hackers Leak French Hospital Patient Data in Ransom Fight | SecurityWeek.Com
Oxford Health: Cyber attack continues to hit NHS trust's services - BBC News
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data (darkreading.com)
Phishing & Email Based Attacks
Fake US govt job offers push Cobalt Strike in phishing attacks (bleepingcomputer.com)
Germany arrests hacker for stealing €4 million via phishing attacks (bleepingcomputer.com)
Capital One Phish Showcases Growing Bank-Brand Targeting Trend (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
How cyber criminals use public online and offline data to target employees | CSO Online
Beware Revolut frozen card scams sent via SMS text • Graham Cluley
IRS warns Americans of massive rise in SMS phishing attacks (bleepingcomputer.com)
Malware
Office exploits continue to spread more than any other category of malware - Help Net Security
This credit card-stealing malware is spreading like wildfire | Digital Trends
Hacking group hides backdoor malware inside Windows logo image (bleepingcomputer.com)
Hackers now sharing cracked Brute Ratel post-exploitation kit online (bleepingcomputer.com)
Cobalt Strike malware campaign targets job seekers (techtarget.com)
New Botnet 'Chaos' Targeting Linux, Windows Systems (informationsecuritybuzz.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Quantum Builder tool helps criminals spread Windows RATs • The Register
Unit 42 finds polyglot files delivering IcedID malware (techtarget.com)
Hackers use PowerPoint files for 'mouseover' malware delivery (bleepingcomputer.com)
Does AI-powered malware exist in the wild? Not yet (techtarget.com)
New Erbium password-stealing malware spreads as game cracks, cheats (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Mobile
WhatsApp 0-Day Bug Let Hackers Execute an Arbitary Code Remotely (gbhackers.com)
Adware on Google Play and Apple Store installed 13 million times (bleepingcomputer.com)
Samsung facing class action suit after customer data leak • The Register
Inside a cyber attack method that targets your cellphone - The Washington Post
Internet of Things – IoT
Data Breaches/Leaks
Watchfinder warns customers that hackers stole their data • Graham Cluley
Shangri-La hotels Customer Database Hacked | SecurityWeek.Com
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (thehackernews.com)
Australia government wants Optus to pay for data breach | ZDNET
Organised Crime & Criminal Actors
Ukraine Arrests Cyber Crime Group for Selling Data of 30 Million Accounts (thehackernews.com)
New hacking group ‘Metador’ lurking in ISP networks for months (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scams targeting crypto enthusiasts are becoming increasingly common - Help Net Security
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cyber sleuth alleges $160M Wintermute hack was an inside job (cointelegraph.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Identities Stolen From 1 In 4 Internet Users (informationsecuritybuzz.com)
Fake Sites Siphon Millions of Dollars in 3-Year Scam (darkreading.com)
Here’s how crooks are using deepfakes to scam your biz • The Register
Deepfakes
Reshaping the Threat Landscape: Deepfake Cyber attacks Are Here (darkreading.com)
The deepfake danger: When it wasn’t you on that Zoom call | CSO Online
Software Supply Chain
Denial of Service DoS/DDoS
Hackers are making DDoS attacks sneakier and harder to protect against | ZDNET
UK's MI5 website briefly hit by denial of service attack - BBC | Reuters
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cloud/SaaS
Cloud security trends: What makes cloud infrastructure vulnerable to threats? - Help Net Security
81% of Companies Suffered A Cloud Security Incident Last Year – (informationsecuritybuzz.com)
What Lurks in the Shadows of Cloud Security? (darkreading.com)
Open Source
Open source projects under attack, with enterprises as the ultimate targets - Help Net Security
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The Country Where You Live Impacts Password Choices (darkreading.com)
Five Steps to Mitigate the Risk of Credential Exposure (thehackernews.com)
Social Media
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
Ofcom chair says tech firms must prioritise safety alongside clicks | Ofcom | The Guardian
UK may fine TikTok $29 million for failing to protect children's privacy | Reuters
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows | SecurityWeek.Com
Mystery hackers are “hyperjacking” targets for insidious spying | Ars Technica
Cyber espionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online
Taiwanese citizens prepare for possible cyber war (axios.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (thehackernews.com)
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Meta dismantles massive Russian network spoofing Western news sites (bleepingcomputer.com)
Nation State Actors – China
Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com
China’s infosec researchers may have dodged vuln report ban` • The Register
Nation State Actors – North Korea
Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings (darkreading.com)
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
Exchange Server zero-day being actively exploited • The Register
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet (darkreading.com)
Cisco Patches High-Severity Vulnerabilities in Networking Software | SecurityWeek.Com
Sophos fixes critical code injection bug under exploit • The Register
Zoho ManageEngine flaw is actively exploited, CISA warns | CSO Online
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Google Quashes 5 High-Severity Bugs With Chrome 106 Update (darkreading.com)
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (thehackernews.com)
Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws | WIRED
Reports Published in the Last Week
Other News
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks | SecurityWeek.Com
Poll Of IT Security Pros Suggests Gaps In UK Cyber Defence (informationsecuritybuzz.com)
Why Organisations Need Both EDR and NDR for Complete Network Protection (thehackernews.com)
Lessons From the GitHub Cyber Security Breach (darkreading.com)
Data security trends: 7 statistics you need to know - Help Net Security
Why does a Legacy WAF Fail to “Catch” Sophisticated Attacks? (informationsecuritybuzz.com)
Akamai finds 13 million malicious newly observed domains a month | SC Media (scmagazine.com)
Opinion | The Uber Hack Exposes More Than Failed Data Security - The New York Times (nytimes.com)
Cyber security Study Sees “Siloed” Security As Organisational Weak Spot - MSSP Alert
3 types of attack paths in Microsoft Active Directory environments - Help Net Security
97% of enterprises say VPNs are prone to cyber attacks: Study | CSO Online
65% of companies are considering adopting VPN alternatives - Help Net Security
Spoofing cyber attack can make cameras see things that aren’t there | New Scientist
Zero Trust is the Goal But Much Ground Yet to Cover, CompTIA Reports - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 September 2022
Black Arrow Cyber Threat Briefing 09 September 2022
-Why It’s Mission-critical That All-sized Businesses Stay Cyber Secure
-Half of Firms Report Supply Chain Ransomware Compromise
-Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
-Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
-Over 10% of Enterprise IT Assets Found Missing Endpoint Protection
-Some Employees Aren't Just Leaving Companies — They're Defrauding Them
-Ransomware Gangs Switching to New Intermittent Encryption Tactic
-How Posting Personal and Business Photos Can Be a Security Risk
-Your Vendors Are Likely Your Biggest Cyber Security Risk
-A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
-Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
-London's Biggest Bus Operator Hit by Cyber "Incident"
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why It’s Mission-Critical That All-Sized Businesses Stay Cyber Secure
A study analysing millions of emails across thousands of companies found that on average, employees of small businesses with less than 100 employees experience 350% more social engineering attacks than employees of larger enterprises. 57% of these are phishing attacks – the most prevalent social engineering attack of 2021.
Add to the mix that the global average cost of a data breach for businesses has skyrocketed. According to IBM Security’s annual Cost of a Data Breach Report, the average global cost is now a phenomenal $4.35 million.
Generally, larger corporations tend to have bigger security budgets, making them less of a target than smaller businesses with lesser budgets, and as such, more attractive to cyber criminals. This means that for small and medium-sized enterprises (SMEs) – with fewer resources and money – protection from cyber-attacks is now a matter of survival.
Ease of attack is not the only reason why criminals attack SMEs either. SMEs are often an entry point to target bigger organisations within the same supply chain. These larger corporations can either be crucial partners, suppliers, or customers, making SMEs prime targets.
But with efficient cyber security measures, every business regardless of size can keep themselves and their network safe.
Half of Firms Report Supply Chain Ransomware Compromise
Over half (52%) of global organisations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro.
The security vendor polled nearly 3,000 IT decision makers across 26 countries to produce its latest report, ‘Everything is connected: Uncovering the ransomware threat from global supply chains’.
It revealed that 90% of global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target.
That might be down in part to the fact that SMBs comprise a significant chunk of the supply chain for 52% of respondents. The security of SMBs is generally thought to be less effective than protection in larger, better resourced companies.
However, despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, while a quarter (25%) claimed they don’t share potentially useful threat information with partners.
https://www.infosecurity-magazine.com/news/half-firms-supply-chain-ransomware/
Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
Breaches involving phishing and credential compromise have received a lot of attention in recent years because of how frequently threat actors have employed the tactics in executing both targeted and opportunistic attacks. But that doesn't mean that enterprise organisations can afford to lessen their focus on vulnerability patching one bit.
A report from Kaspersky this week identified more initial intrusions last year resulting from exploitation of vulnerabilities in Internet-facing applications than breaches involving malicious emails and compromised accounts combined. And data that the company has collected through the second quarter of 2022 suggests the same trend might be playing out this year as well.
Kaspersky's analysis of its 2021 incident-response data showed that breaches involving vulnerability exploits surged from 31.5% of all incidents in 2020 to 53.6% in 2021. Over the same period, attacks associated with the use of compromised accounts to gain initial access declined from 31.6% in 2020 to 17.9% last year. Initial intrusions resulting from phishing emails decreased from 23.7% to 14.3% during the same period.
Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach.
The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at the ride-share giant, failed to properly disclose a 2016 data breach affecting 57 million Uber riders and drivers around the world.
At a time when reports of ransomware attacks have surged and cyber security insurance premiums have risen, the case could set an important precedent regarding the culpability of US security staffers and executives for the way the companies they work for handle cyber security incidents.
The breach first came to light in November 2017, when Uber’s chief executive, Dara Khosrowshahi, revealed that hackers had gained access to the driver’s licence numbers of 600,000 US Uber drivers as well as the names, email addresses and phone numbers of as many as 57 million Uber riders and drivers.
Public disclosures like Khosrowshahi’s are required by law in many US states, with most regulations mandating that the notification be made “in the most expedient time possible and without unreasonable delay”.
But Khosrowshahi’s announcement came with an admission: a whole year had passed since the information had been breached.
https://www.theguardian.com/technology/2022/sep/06/uber-joe-sullivan-trial-security-data-breach
Over 10% of Enterprise IT Assets Found With Missing Endpoint Protection
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.
The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report.
"Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT teams already have their hands full mitigating the vulnerabilities that they know about, and our data confirms that this is just the tip of the iceberg," Sevco told Infosecurity Magazine.
The document analyses data aggregated from visibility into more than 500,000 IT assets, and underlines existential and underreported cyber security issues in relation to securing enterprises’ assets.
“The uncertainty of enterprise inventory – the elements that make up an organisation’s cyber security attack surface – upends the foundation of every major security framework and presents a challenge to security teams: it’s impossible to protect what you can’t see,” they said.
For instance, the data found that roughly 3% of all IT assets are “stale” in endpoint protection, while 1% are stale from the perspective of patch management coverage.
https://www.infosecurity-magazine.com/news/enterprise-assets-miss-endpoint/
Some Employees Aren't Just Leaving Companies — They're Defrauding Them
Since the Great Resignation in 2021, millions of employees have left their roles with current employers in search of better ones. According to Microsoft, 40% of employees reported they are considering leaving their current roles by the end of 2022. With many still working in remote or hybrid positions due to the pandemic, larger businesses have started implementing measures to gain a better understanding of employee morale and sentiment to prevent turnover.
While most employees leave companies on good terms, some may become extremely unhappy or disgruntled prior to their departure and are more likely to defraud the company either before leaving or on their way out the door. The unfortunate reality is that no business is immune to fraud, but luckily, there are several steps you can take to prevent it from happening.
According to the Cressey Fraud Triangle, fraudulent behaviour often occurs due to three contributing factors. These include pressure or motive to commit a fraud (usually a personal financial problem), perceived opportunity within the organisation to commit a fraud (poor oversight or internal controls), and rationalisation (the ability to justify the crime to make it seem acceptable).
Very often, a fraudster needs all three sides of the triangle to successfully commit a crime. Therefore, it is extremely important for organisations to do their best to create controls and understand the risk associated with each of these areas. For example, an employee may be disgruntled and also have personal financial issues. However, if internal controls are robust and the employee doesn't have access to financial instruments, valuable assets or software systems, their ability to defraud the company is extremely limited or will get identified immediately.
Ransomware Gangs Switching to New Intermittent Encryption Tactic
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.
This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files' content, which would still render the data unrecoverable without using a valid decryption key.
For example, by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good.
Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.
SentinelLabs has posted a report examining a trend started by LockFile in mid-2021 and now adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick.
These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation.
"Notably, Qyick features intermittent encryption, which is what the cool kids are using as you read this. Combined with the fact that is written in Go, the speed is unmatched," describes a Qyick advertisement on hacking forums.
How Posting Personal and Business Photos Can Be a Security Risk
Image geotags, metadata, and location information can allow competitors, cyber criminals, and even nation-state threat actors to gain knowledge they can use against organisations.
Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold. Couple this with the individual employee’s or customer’s photos working their way onto social network platforms for others to see and admire, and the value of that gold increases, success being quantified by impressions, views and individual engagements.
The value of that gold doubles when not only does the company harvest data and call it a success, but their competitors also analyse such photos capturing a plethora of useful data points, including geotagged data, metadata of the photo, and identity of the individuals caught in the frame. They, too, call it a success. Yes, the digital engagement involving location data and or location hints within photos is a double-edged sword.
It isn’t just competitors who harvest the data. Criminal elements and nation-state intelligence and security elements do as well. Francis Bacon’s adage, “Knowledge itself is power,” applies. With location, time and place, and identity, competitors, criminals, and nation-states are given their initial tidbits of openly acquired information from which to begin to build their mosaic.
Your Vendors Are Likely Your Biggest Cyber Security Risk
As speed of business increases, more and more organisations are looking to either buy companies or outsource more services to gain market advantage. With organisations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cyber security measures to assess how much risk vendors pose.
While organisations assess and manage risk on a multitude of layers, none present bigger threats to business resiliency than third-party risk and a lack of robust cyber security controls. Breaches and service interruptions tied to these risk areas have brought down critical systems of major organisations. In 2021, 53% of CISOs surveyed by Black Kite reported being hit by at least one ransomware attack.
It bears repeating: Cyber security and third-party risk are the two biggest problems facing your long-term viability. Businesses need to be able to tackle these risk vectors individually to gain a complete view of their risk profile. A cross-functional process is essential to managing the overlap between these risk areas to better protect your organisation and increase workflow efficiency.
Ensuring that the cyber security practices of your vendors align with your organisation’s standards is critical to safeguarding your systems and data. In fact, it is just as important as how stable the business is or how well it delivers products and services.
https://www.helpnetsecurity.com/2022/09/05/vendors-cybersecurity-risk/
A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
It’s perhaps only a coincidence that there’s a famous Chinese saying ‘No one knows, not even the ghosts’ that neatly summarises a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.
Observers could be forgiven for thinking that this is just another hack. Chinese hacking groups, and those of Western countries too, have developed a reputation over the past two decades for spying, surveillance, and sabotage. But this attack is different than typical hacking fare because the attackers rode in on the back of a trusted piece of software. This is a software supply chain attack, where the attackers tamper with either source code, the software build system, or the software publishing pipeline, all of which have become essential to the functioning of the world’s digital economy.
Software supply chain attacks have been rapidly growing in frequency. Twenty years ago, there might have been one or two a year. These days, depending on the methodology, there are either hundreds or thousands a year, and that’s only counting the reported attacks. And increasingly anybody who depends upon software (read: everybody) is or shortly will be a victim: the U.S. government, Microsoft, thousands of other companies and, apparently in this MiMi attack, individuals.
Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
InterContinental Hotels Group (IHG), which owns brands such as InterContinental, Crowne Plaza, Holiday Inn, and many others, has had its IT systems breached by malicious hackers.
In a filing with the London Stock Exchange, the multinational hospitality company reported that "parts of the company's technology systems have been subject to unauthorised activity."
As a result, the company said, "IHG's booking channels and other applications have been significantly disrupted since [Monday], and this is ongoing."
The first indication that the company was experiencing problems appeared early on Monday morning UK time, when anyone who tried to book a hotel room via the company's website or app, or access their IHG One Rewards account was greeted by a maintenance message.
Although it has made no declaration regarding the nature of the security breach, in its filing with the London Stock Exchange, IHG mentioned they were "working to fully restore all systems". This would fit into the scenario of IHG having hit been hit with ransomware, which may not only have encrypted data - locking the company out of its systems and demanding a ransom be paid - but could have also caused even more problems.
London's Biggest Bus Operator Hit by Cyber "Incident"
Travellers in London were braced for more delays last week after the city’s largest bus operator revealed it has been hit by a “cyber security incident,” according to reports.
Newcastle-based transportation group Go-Ahead shared a statement with the London Stock Exchange indicating “unauthorised activity” had been discovered on its network yesterday.
“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” it stated. “Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or International rail services which are operating normally.”
However, the same may not be true of its bus services. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations.
Go-Ahead operates multiple services in the South, South West, London, North West, East Anglia, East Yorkshire and its native North East. It is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff.
https://www.infosecurity-magazine.com/news/londons-biggest-bus-operator-hit/
Threats
Ransomware and Extortion
Interpol dismantles sextortion ring, warns of increased attacks (bleepingcomputer.com)
Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa (trendmicro.com)
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks (thehackernews.com)
How to Improve Mean Time to Detect for Ransomware | SecurityWeek.Com
Google: Former Conti ransomware members attacking Ukraine (techtarget.com)
Hackers Are Using NASA Telescope Images To Push Ransomware (informationsecuritybuzz.com)
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages (bleepingcomputer.com)
Everything You Need To Know About BlackCat (AlphaV) (darkreading.com)
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Clarion Housing: Anger over landlord silence since cyber attack - BBC News
New Ransomware Hits Windows, Linux Servers Of Chile Govt Agency (informationsecuritybuzz.com)
QNAP warns new Deadbolt ransomware attacks exploiting 0day - Security Affairs
Second largest U.S. school district LAUSD hit by ransomware (bleepingcomputer.com)
Windows Defender identified Chromium, Electron apps as Hive Ransomware - Security Affairs
Phishing & Email Based Attacks
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA (darkreading.com)
Criminals harvest users' PI by impersonating popular brands - Help Net Security
Lampion malware returns in phishing attacks abusing WeTransfer (bleepingcomputer.com)
A new phishing scam targets American Express cardholders - Security Affairs
EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web - Help Net Security
GIFShell attack creates reverse shell using Microsoft Teams GIFs (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Cyber criminals targeting Minecraft fans with malware • The Register
Next-Gen Linux Malware Takes Over Devices With Unique Tool Set (darkreading.com)
TeslaGun Primed to Blast a New Wave of Backdoor Cyber attacks (darkreading.com)
New Linux malware evades detection using multi-stage deployment (bleepingcomputer.com)
Bumblebee malware adds post-exploitation tool for stealthy infections (bleepingcomputer.com)
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
Mobile
Internet of Things – IoT
Data Breaches/Leaks
NATO docs sold on darkweb after they were stolen from Portugal - Security Affairs
Criminals claim they've stolen NATO missile plans • The Register
TikTok denies data breach following leak of user data - Security Affairs
IRS mistakenly published confidential info for roughly 120K taxpayers - Security Affairs
Samsung US Says Customer Data Compromised in July Data Breach | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers live-streamed on YouTube a fake Apple crypto event - Security Affairs
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Feds freeze $30m in cryptocurrency stolen from Axie Infinity • The Register
Fraud, Scams & Financial Crime
62% of consumers see fraud as an inevitable risk of online shopping - Help Net Security
Islanders in Jersey lose nearly £400,000 to romance fraud | ITV News Channel
The Advantages of Threat Intelligence for Combating Fraud | SecurityWeek.Com
AML/CFT/Sanctions
UK forces crypto exchanges to report suspected sanction breaches | Cryptocurrencies | The Guardian
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
Insurance
Supply Chain and Third Parties
Supply chain risk is a top security priority as confidence in partners wanes - Help Net Security
KeyBank: Hackers of third-party provider stole customer data | The Seattle Times
Government guide for supply chain security: The good, the bad and the ugly - Help Net Security
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Defenders Be Prepared: Cyber attacks Surge Against Linux Amid Cloud Migration (darkreading.com)
Hybrid Cloud Security Challenges & Solutions (trendmicro.com)
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Are Default Passwords Hiding in Your Active Directory? Here's how to check (bleepingcomputer.com)
200,000 North Face accounts hacked in credential stuffing attack (bleepingcomputer.com)
Social Media
TikTok denies security breach after hackers leak user data, source code (bleepingcomputer.com)
Facebook Engineers Admit They Don’t Know What They Do With Your Data (vice.com)
Privacy
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Google Details Recent Ukraine Cyber attacks | SecurityWeek.Com
Ukraine dismantles more bot farms spreading Russian disinformation (bleepingcomputer.com)
Ukraine is under attack by hacking tools repurposed from Conti cyber crime group | Ars Technica
Newly discovered cyber spy group targets Asia • The Register
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Israeli Defence Minister's Cleaner Sentenced for Spying Attempt | SecurityWeek.Com
Researchers Find New Android Spyware Campaign Targeting Uyghur Community (thehackernews.com)
Anonymous hacked Yandex taxi causing a traffic jam in Moscow - Security Affairs
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Nation State Actors – North Korea
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
North Korea's Lazarus Targets Energy Firms With Three RATs | SecurityWeek.Com
Nation State Actors – Iran
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
UK condemns Iran for reckless cyber attack against Albania - GOV.UK (www.gov.uk)
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
NATO Condemns Alleged Iranian Cyber attack on Albania | SecurityWeek.Com
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Microsoft investigates Iranian attacks against the Albanian government - Microsoft Security Blog
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Nation State Actors – Misc
Vulnerabilities
CISA adds 12 new flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
September 2022 Patch Tuesday forecast: No sign of cooling off - Help Net Security
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP - Help Net Security
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (thehackernews.com)
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities (thehackernews.com)
Cisco won’t fix authentication bypass zero-day in EoL routers (bleepingcomputer.com)
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released (thehackernews.com)
Chrome and Edge fix zero-day security hole – update now! – Naked Security (sophos.com)
Google Patches Sixth Chrome Zero-Day of 2022 | SecurityWeek.Com
QNAP patches zero-day used in new Deadbolt ransomware attacks (bleepingcomputer.com)
HP fixes severe bug in pre-installed Support Assistant tool (bleepingcomputer.com)
Other News
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis | CSO Online
Cyber Security - the More Things Change, the More They Are The Same | SecurityWeek.Com
CISOs say stress and burnout are their top personal risks (cnbc.com)
How to deal with unprecedented levels of regulatory change - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.