Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

• Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

• 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

• UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

• Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

• An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

• Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

• Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

• Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

• Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

• Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

• PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

• Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

• Bitcoin-demanding cyber criminals use bug from 2021 to initiate global ransomware attack  | TechCrunch

• UK second most targeted nation behind America for Ransomware - IT Security Guru

• Hackers who breached ION say ransom paid; company declines comment | Reuters

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)

• Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)

• Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

• Nevada Ransomware has released upgraded locker - Help Net Security

• Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs

• Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online

• Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• New Linux variant of Clop Ransomware uses a flawed encryption-security affairs

• After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop

• Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)

• Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools (darkreading.com)

• Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley

• MKS Instruments falls victim to ransomware attack | CSO Online

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop

Phishing & Email Based Attacks

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert

• An email attack can end up costing you over $1 million - Help Net Security

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• 'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

BEC – Business Email Compromise

• What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)

Malware

• Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)

• Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online

• ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)

• GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)

• Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)

• New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

• Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)

Mobile

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• Android phones from Chinese vendors share private data • The Register

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDOS

• Passion botnet cyber  Attacks hit healthcare, as actors offer threat as DDoS-as-a-service  | SC Media (scmagazine.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

Internet of Things – IoT

• Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)

• Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)

• Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Breaches/Leaks

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)

• 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek

• US Cyber Ambassador's Twitter account hacked • The Register

• Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)

• 'Money Lover' Finance App Exposes User Data (darkreading.com)

• Reddit reveals security incident • The Register

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)

Organised Crime & Criminal Actors

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek

• Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security

• Australian Man Sentenced for Scam Related to Optus Hack  - SecurityWeek

• Bungling Optus scammer was no criminal mastermind • Graham Cluley

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)

• Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)

• Avraham Eisenberg in court accused of crypto exchange crash • The Register

• Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)

• Scammers steal $4 million in crypto during in-person meeting • The Register

• Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)

Insider Risk and Insider Threats

• Another RAC staffer nabbed for sharing road accident data • The Register

• Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Fraud, Scams & Financial Crime

• PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

• Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (darkreading.com)

• As V-Day nears: Romance scams cost victims $1.3B last year • The Register

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• Father killed himself after falling victim to romance scam | News | The Times

• 'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News

• Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek

• From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for | Cyber crime | The Guardian

• Criminals use Telegram to recruit 'walkers' as America's big banks see an 84% increase in check fraud (cnbc.com)

• 5 Financial Scams To Watch Out For In 2023 (cnbc.com)

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• Banks leave doors open for scammers with flaws in online security | This is Money

• Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Impersonation Attacks

• What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)

• HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online

AML/CFT/Sanctions

• How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)

• UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online

• US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek

Insurance

• Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)

• Cyber Insurance, A Must-Have for Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• How to Optimise Your Cyber Insurance Coverage (darkreading.com)

Dark Web

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)

• Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Have we learnt nothing from SolarWinds supply chain attacks? • The Register

• Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek

Software Supply Chain

• Security pros say third parties are increasingly the cause of cyber security incidents | SC Media (scmagazine.com)

Cloud/SaaS

• How the Cloud Is Shifting CISO Priorities (darkreading.com)

• Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)

• Amazon S3 to apply security best practices for all new buckets - Help Net Security

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

• 7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)

Hybrid/Remote Working

• Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)

• Predictions For Securing Today's Hybrid Workforce (darkreading.com)

Identity and Access Management

• 4 identity predictions for 2023 | TechTarget

Encryption

• It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)

• UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)

API

• 10 API Security Best Practices To Protect Your Organisation (informationsecuritybuzz.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

Biometrics

• Novel face swaps emerge as a major threat to biometric security - Help Net Security

Social Media

• Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)

• Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs

Malvertising

• FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (thehackernews.com)

• Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)

Training, Education and Awareness

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

• Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)

Parental Controls and Child Safety

• It’s never too early to chat to your kids about online safety | Sarah Ayoub | The Guardian

Regulations, Fines and Legislation

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Prioritising Cyber security Regulation Harmonisation (darkreading.com)

Governance, Risk and Compliance

• Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• The dangers of unsupported applications - Help Net Security

• Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)

• Trends that impact on organisations' 2023 security priorities - Help Net Security

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)

• Surge of swatting attacks targets corporate executives and board members | CSO Online

• Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)

• Cyber Hygiene: How to get buy-in from employees (trendmicro.com)

Models, Frameworks and Standards

• NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)

Data Protection

• Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)

• While governments pass privacy laws, companies struggle to change - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hong Kong police and Interpol uncover servers and apps used by global phishing syndicate | South China Morning Post (scmp.com)

• European Police Arrest 42 After Cracking Covert App - SecurityWeek

• Eurocops shut down Exclu encrypted messaging app • The Register

• Vastaamo hacking suspect arrested in France | TechTarget

• Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)

Privacy, Surveillance and Mass Monitoring

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

Artificial Intelligence

• Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber  Attacks? Here are Some Clues - MSSP Alert

• Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)

• IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)

• How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)

• ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security

• Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica

• ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica

• Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)

• Generative AI: A benefit and a hazard - Help Net Security

• Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Google's Bard AI bot mistake wipes $100bn off shares - BBC News

• $120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)

• Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• What is hybrid warfare? Inside the centre dealing with modern threats - BBC News

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB's warrantless surveillance-security affairs

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek

• US teases new China tech sanctions to deflate balloon-makers • The Register

Nation State Actors

• Pro-Russian hacktivist group Killnet could just be getting started (axios.com)

• With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• Android mobile devices from top vendors in China have pre-installed malware-security affairs

• China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek

• US Downs Chinese Balloon Off Carolina Coast - SecurityWeek

• How did the US successfully shoot down China's 'spy balloon' with a single missile - and what was on it? | US News | Sky News

• Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register

• Android phones from Chinese vendors share private data • The Register

• US sources insist Chinese balloon was military - BBC News

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)

• SNP MP Stewart McDonald's emails hacked by Russian group - BBC News

• Australia to remove Chinese surveillance cameras amid security fears - BBC News

• Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)

• Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)

• UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek

• Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica

• New Info-Stealer Discovered as Russia Prepares for New Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Downed balloon one of a ‘fleet’ of Chinese surveillance devices, US alleges | Surveillance | The Guardian

• #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities | CISA

• The impact of Russia's Ukraine invasion on digital threats - Help Net Security

• Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)

• Experts published a list of proxy IPs used by the group Killnet-security affairs

• NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (thehackernews.com)

• NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)

• US teases new China tech sanctions to deflate balloon-makers • The Register

• North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop

Vulnerability Management

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online

• The dangers of unsupported applications - Help Net Security

• Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)

• Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget

• How to fix the top 5 cyber security vulnerabilities | TechTarget

• 20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)

Vulnerabilities

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)

• GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek

• Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)

• Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs

• Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)

• GoAnywhere MFT zero-day flaw actively exploited-security affairs

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs

• Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online

• Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)

• Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)

• OpenSSL Ships Patch for High-Severity Flaws - SecurityWeek

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)

• SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)

• Chrome 110 Patches 15 Vulnerabilities - SecurityWeek

• OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)

• Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek

Tools and Controls

• Growing number of endpoint security tools overwhelm users, leaving devices unprotected | CSO Online

• Poor Endpoint Device Management Trigger Cyber  Attacks, New Report Finds - MSSP Alert

• Implementing Digital Rights Management Systems to Safeguard Against Unauthorised Access Of Protected Content (informationsecuritybuzz.com)

• Endpoint security getting easier, but most organisations lack tool consolidation - Help Net Security

Other News

• A Hackers Pot of Gold: Your MSP's Data (thehackernews.com)

• Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online

• How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)

• Surge of swatting a attacks targets corporate executives and board members | CSO Online

• Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.