Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 April 2024
Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:
-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
-Ransomware Incidents Reported to UK Financial Regulator Doubled
-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
-AI Abuse and Misinformation Campaigns Threaten Financial Institutions
-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
-AI Makes Phishing Attacks Accessible to Basic Users
-Cyber Attacks Wreaking Physical Disruption on the Rise
-73% Brace for Cyber Security Impact on Business in Next Two Years
-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
-Cyber Security Imperative for Protecting Executives
-The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.
Sources: [Help Net Security ] [Dark Reading]
Ransomware Incidents Reported to UK Financial Regulator Doubled
The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.
Sources: [Digital Journal] [Digital Journal]
Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.
A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.
To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.
Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]
Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.
The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.
Sources: [Infosecurity Magazine] [Infosecurity Magazine]
AI Abuse and Misinformation Campaigns Threaten Financial Institutions
According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.
Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”
Source: [Help Net Security]
Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.
Source: [CSO Online]
AI Makes Phishing Attacks Accessible to Basic Users
One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.
Source: [The Economic Times]
Cyber Attacks Wreaking Physical Disruption on the Rise
According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.
Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.
Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.
Source: [Dark Reading]
73% Brace for Cyber Security Impact on Business in Next Two Years
A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.
Source: [Help Net Security]
To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.
Source: [IBTimes]
Cyber Security Imperative for Protecting Executives
The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.
Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.
Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.
Source: [Forbes]
The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.
Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.
Source: [JDSupra]
Governance, Risk and Compliance
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Security teams are ‘overconfident’ about handling next-gen threats | CSO Online
Banks told to expand risk management to cover AI (finextra.com)
Corporations With Cyber Governance Create 4X More Value (darkreading.com)
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
73% brace for cyber security impact on business in the next year or two - Help Net Security
Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)
Why your data isn’t as safe as you think and what it could cost you - IT Security Guru
Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)
Businesses must prioritise prevention to lock out online threats (yahoo.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Lessons from the World's Costliest Corporate Cyber Attacks - Management Today
Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)
Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)
Instilling the Hacker Mindset Organisationwide (darkreading.com)
How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Cyber security incidences surge in the UK financial services sector - Digital Journal
Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Ransomware Victims
Ransomware attacks ravaged municipal governments in March | TechTarget
NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security
Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Ransomware gang leaks UK city council’s confidential files • The Register
Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)
World’s second-largest lens-maker blinded by cyber incident • The Register
Phishing & Email Based Attacks
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)
A phish by any other name should still not be clicked – Computerworld
Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)
Microsoft Teams phishing attacks and how to prevent them | TechTarget
Artificial Intelligence
Banks told to expand risk management to cover AI (finextra.com)
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
22% of employees admit to breaching company rules with GenAI - Help Net Security
6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)
Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech
Microsoft GM on AI and elections: 'There will be fakes' • The Register
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
Security and AI occupy SME thoughts | Microscope (computerweekly.com)
Malware
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Detecting Windows-based Malware Through Better Visibility (thehackernews.com)
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)
Thousands of Australian Businesses Targeted With RAT (darkreading.com)
Mobile
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW
Location tracking and the battle for digital privacy - Help Net Security
How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution
UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times
Data Breaches/Leaks
Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)
Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop
Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)
Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week
Nearly 1M medical records feared stolen from City of Hope • The Register
SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)
Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR
PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)
OWASP discloses breach due to a Wiki web server misconfig • The Register
US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)
Organised Crime & Criminal Actors
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Rise of non-tech hackers: new era of cyber threats - VnExpress International
India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters
Cyber criminal adoption of browser fingerprinting - Help Net Security
With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Insider Risk and Insider Threats
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Insurance
Can cyber insurance help secure business? | Mint (livemint.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Cloud/SaaS
How much does cloud-based identity expand your attack surface? - Help Net Security
Who owns your data? SaaS contract security, privacy red flags | CSO Online
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Identity and Access Management
Linux and Open Source
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)
Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)
A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)
What we know about the xz Utils backdoor that almost infected the world | Ars Technica
Malicious xz backdoor reveals fragility of open source • The Register
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
German state switches to LibreOffice, promises Windows move • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)
Social Media
WhatsApp was down in Meta’s second big outage this year | TechCrunch
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
Malvertising
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)
Training, Education and Awareness
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Regulations, Fines and Legislation
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)
6 business benefits of data protection and GDPR compliance | TechTarget
Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Models, Frameworks and Standards
Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra
NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)
Are businesses prepared for the CSF 2.0 challenge? - Digital Journal
Backup and Recovery
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Data protection vs. data backup: How are they different? | TechTarget
Data Protection
6 business benefits of data protection and GDPR compliance | TechTarget
How to conduct a data privacy audit, step by step | TechTarget
Data protection vs. data backup: How are they different? | TechTarget
Careers, Working in Cyber and Information Security
The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Are you okay? Understanding the world of a CISO | CSO Online
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update
UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)
Nation State Actors
China
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO
Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)
MPs challenge government claims China cyber attack was unsuccessful (ft.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
UK, Czech ministers among China’s hacking targets – POLITICO
Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)
Russia
Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News
STA: Russian hackers take responsibility for cyber attack on Slovenia
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics
Russian network that 'paid European politicians' busted, authorities claim - BBC News
Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)
Iran
Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)
Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor
North Korea
Vulnerability Management
CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Vulnerabilities
Are You Affected by the Backdoor in XZ Utils? (darkreading.com)
Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)
Apple GoFetch was caused by an obsession with speed • The Register
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Splunk Patches Vulnerabilities in Enterprise Product - Security Week
JetBrains fixes 26 'security problems,' offering no details • The Register
Tools and Controls
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
How much does cloud-based identity expand your attack surface? - Help Net Security
How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)
Building a cyber security risk assessment template - Security Boulevard
Microsoft unveils safety and security tools for generative AI | InfoWorld
The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Can cyber insurance help secure business? | Mint (livemint.com)
71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard
Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)
Cyber Risk Management: A Beginner's Guide - Security Boulevard
Microsoft Entra Recommendations adds several more for better user security - Neowin
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Why a Cloud Security Platform Approach is Critical | Trend Micro (US)
The Importance Of Physical Cyber Security Testing (forbes.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Human risk is the top cyber threat for IT teams - Help Net Security
Data protection vs. data backup: How are they different? | TechTarget
SIEM Implementation: Strategies and Best Practices | MSSP Alert
Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)
Other News
Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)
Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)
Microsoft slammed for lax infosec that led to Exchange crack • The Register
Infosec professionals praise CSRB report on Microsoft breach | TechTarget
76% of consumers don't see themselves as cyber crime targets - Help Net Security
Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)
Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law
Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)
Australia Doubles Down On Cyber Security After Attacks (darkreading.com)
Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)
Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)
Healthcare's cyber resilience under siege as attacks multiply - Help Net Security
Rise of non-tech hackers: new era of cyber threats - VnExpress International
Why Cultural Institutions Are Rich Targets for Cyber Attackers (informationweek.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 March 2024
Black Arrow Cyber Threat Intelligence Briefing 08 March 2024:
-FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransomw Demand Reaching $600k
-Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
-Employment Law Firm Sues IT Company Over Ransomware Attack
-Stolen Passwords are a Hacker Goldmine
-Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
-Business Leaders Don’t Even Know They’ve Been Hacked
-Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
-Security Risks Plague SMEs in Shift to Remote Working
-After Collecting $22 Million, Ransomware Group Stages FBI Takedown
-Cyber Attacks Remain Chief Concern for Businesses
-Two New Ransomware Groups Join Forces to Launch Joint Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k
An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.
Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]
Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.
Source: [ITPro]
Employment Law Firm Sues IT Company Over Ransomware Attack
A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.
Source: [Law360]
Stolen Passwords are a Hacker Goldmine
Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.
Sources: [Bleeping Computer] [Axios]
Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.
Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.
Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]
Business Leaders Don’t Even Know They’ve Been Hacked
A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.
Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.
Source: [Tech.Co]
Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.
Sources: [TechRadar] [Comms Business]
C-Suite Executives: An Attacker’s Dream?
Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.
Source: [SecurityBrief New Zealand]
Security Risks Plague SMEs in Shift to Remote Working
In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.
Source: [SecurityBrief New Zealand]
After Collecting $22 Million, Ransomware Group Stages FBI Takedown
The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.
Source: [Ars Technica]
Cyber Attacks Remain Chief Concern for Businesses
A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.
Source: [TheHRDirector]
Two New Ransomware Groups Join Forces to Launch Joint Attacks
Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.
Source: [The Hacker News]
Governance, Risk and Compliance
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)
What Cyber Security Chiefs Need From Their CEOs (darkreading.com)
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)
Are C-suite executives cyber security's weakest link? (securitybrief.co.nz
30 years of the CISO role – how things have changed since Steve Katz | CSO Online
How to create an efficient governance control program - Help Net Security
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Research finds that cyber security leaders are taking on multiple roles | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard
What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)
Banning ransomware payments back on the agenda | Computer Weekly
BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register
US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)
Experts echo calls for ransomware ban as LockBit rallies • The Register
Government urged to ban ransom payments to cyber criminals (computing.co.uk)
Ransomware spikes against critical infrastructure, says FBI • The Register
Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security
Government was third-largest ransomware target last year: FBI - Defense One
JetBrains TeamCity under attack by ransomware thugs • The Register
Ransomware Victims
A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica
Change Healthcare hack cripples payment systems across health providers - The Washington Post
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)
Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine
Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week
Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)
Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times
Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Possible China link to Change Healthcare ransomware attack • The Register
Action needed to avoid repeat of Southern Water cyber attack - Utility Week
Phishing & Email Based Attacks
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
How attackers leverage social engineering for greater scamming success | CSO Online
Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week
Annual State of Email Security by the Numbers - Security Boulevard
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Other Social Engineering
How attackers leverage social engineering for greater scamming success | CSO Online
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)
Artificial Intelligence
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
AI tools put companies at risk of data exfiltration - Help Net Security
Don't Give Your Business Data to AI Companies (darkreading.com)
Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Immediate AI risks and tomorrow's dangers - Help Net Security
Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)
2FA/MFA
Malware
No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)
Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)
New Linux malware found targeting mobile networks across the world | TechRadar
ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)
Malware is coming for your ChatGPT credentials • The Register
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
AI worm that infects computers and reads emails created by researchers | The Independent
New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Mobile
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
Apple warns of increased iPhone security risks | Computerworld
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog
The Importance of Cyber security for Your Smart Devices | HackerNoon
Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)
Popular doorbell camera brands contain security flaws, making them easy to hack: Report | The Hill
NCSC flags up cyber security for connected places | UKAuthority
The Importance of Cyber Security for Your Smart Devices | HackerNoon
Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)
Data Breaches/Leaks
The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)
A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Fidelity Investments Notifying 28,000 People of Data Breach - Security Week
AI tools put companies at risk of data exfiltration - Help Net Security
4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)
Organised Crime & Criminal Actors
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Crypto fraud in 2023: How can security teams fight (securityintelligence.com)
Insider Risk and Insider Threats
Comms Business - Insider threat main concern among mid-market firms
Current workforce trends feed into rising cyber security risks | TechRadar
Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)
Supply Chain and Third Parties
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Cloud/SaaS
10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
Identity and Access Management
Encryption
Linux and Open Source
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
Malware is coming for your ChatGPT credentials • The Register
Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)
Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)
US State AGs tell Meta to fix rampant account takeovers • The Register
Social Media
Google and Meta users see their 2FA security codes leaked online - Root-Nation.com
“Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert
Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED
US State AGs tell Meta to fix rampant account takeovers • The Register
Training, Education and Awareness
Regulations, Fines and Legislation
EU council welcomes cyber solidarity act agreement (verdict.co.uk)
The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)
Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard
Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security
Models, Frameworks and Standards
NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
Data Protection
Careers, Working in Cyber and Information Security
11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Law Enforcement Action and Take Downs
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
A cyber criminal is sentenced, will it make a difference? - Help Net Security
Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru
We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters
Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)
Possible China link to Change Healthcare ransomware attack • The Register
A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Russia
The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)
A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)
Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg
Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian
Valuable Russian Military Documents Exposed: Report (newsweek.com)
Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard
North Korea
Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Organisations are knowingly releasing vulnerable applications - Help Net Security
Enhancing security through proactive patch management - Help Net Security
Vulnerabilities
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)
VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard
Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week
Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)
Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week
Tools and Controls
Why cyber maturity assessment should become standard practice - Help Net Security
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
What Is A Cyber Incident Response Policy? - Security Boulevard
Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The critical role of DNS in cyber security and digital thriving | TechRadar
What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard
How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 February 2024
Black Arrow Cyber Threat Intelligence Briefing 09 February 2024:
-Over Half of Companies Experienced Cyber Security Incidents Last Year
-Deepfake Video Conference Costs Business $25 Million
-Watershed Year for Ransomware as Victims Rose by Almost 50% and Payments Hit $1 Billion All-Time High
-Malware-as-a-Service Now the Top Threat to Organisations
-Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
-Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
-Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
-Security Leaders, C-Suite Unite to Tackle Cyber Threats
-UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
-What Does a ‘Cyber Security Culture’ Actually Entail?
-Beyond Checkboxes: Security Compliance as a Business Enabler
-No One in Cyber Security Is Ready for the SolarWinds Prosecution
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Over Half of Companies Experienced Cyber Security Incidents Last Year
According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.
Sources: [Beta News] [Verdict]
Deepfake Video Conference Costs Business $25 Million
There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.
Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]
Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High
Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.
Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]
Malware-as-a-Service Now the Top Threat to Organisations
Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.
Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]
Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.
Sources: [The FinTech Times] [ Help Net Security]
Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.
Sources: [NTD] [Washington Times]
Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.
The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.
Sources: [New Electronics] [TechRadar]
Security Leaders, C-Suite Unite to Tackle Cyber Threats
A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.
Source: [Security Boulevard]
UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.
Source: [The Guardian]
What Does a ‘Cyber Security Culture’ Actually Entail?
Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.
Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.
Source: [ITPro Today]
Beyond Checkboxes: Security Compliance as a Business Enabler
In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.
Source: [Forbes]
No One in Cyber Security Is Ready for the SolarWinds Prosecution
The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.
Source:[Council on Foreign Relations]
Governance, Risk and Compliance
Over half of companies experienced cyber security incidents last year (betanews.com)
Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)
Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard
The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)
Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard
Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)
How CISOs navigate policies and access across enterprises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The ransomware business is booming, even as enforcers shut down some players - The Verge
Paying ransoms is becoming a cost of doing business for many - Help Net Security
Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget
The hidden cost of ransomware is more painful than many realize | ITPro
Is critical infrastructure prepared for OT ransomware? • The Register
Akira and 8Base are the ransomware gangs to watch in 2024 • The Register
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
NCC Group records the most ransomware victims ever in 2023 | TechTarget
US govt ups bounty on Hive ransomware gang members to $15M • The Register
Ransomware Victims
Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Lurie Children's Hospital cyber attack forces systems offline • The Register
Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)
California union confirms ransomware attack following LockBit claims (therecord.media)
Another Chicago hospital announces cyber attack (therecord.media)
Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)
Phishing & Email Based Attacks
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
South African Railways Lost Over $1M in Phishing Scam (darkreading.com)
Artificial Intelligence
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
Could a threat actor socially engineer ChatGPT? (securityintelligence.com)
Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)
Malware
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times
Mobile
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek
'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)
February 2024 Android security patch here for Pixels - Android Authority
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Warning from LastPass as fake app found on Apple App Store | Malwarebytes
Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)
Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch
FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek
'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)
Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)
Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek
Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)
Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)
HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch
Organised Crime & Criminal Actors
Over half of companies experienced cyber security incidents last year (betanews.com)
As-a-Service tools empower criminals with limited tech skills - Help Net Security
Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)
Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)
Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pig-butchering scams morph into DeFi threats (cointelegraph.com)
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
Insider Risk and Insider Threats
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
How bias can undermine insider threat monitoring | TechRadar
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
Supply Chain and Third Parties
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Removing the weakest link: Strengthen the security of your supply chain (techuk.org)
Cloud/SaaS
Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing
Identity and Access Management
Encryption
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Social Media
Regulations, Fines and Legislation
How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)
No one's happy with latest US cyber incident reporting plan • The Register
2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Combatting Stress In The Cyber Security Industry (forbes.com)
IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)
Law Enforcement Action and Take Downs
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
Romance fraudster jailed after conning women out of £300k - BBC News
Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Nation State Actors
China
Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)
Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com
China's Cyber Attackers Target US and Allied Militaries (newsweek.com)
FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard
Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)
Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Top US venture capitalists invest in China tech for big returns (nypost.com)
Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times
Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg
Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)
Russia
Iran
Designating Iranian Cyber Officials - United States Department of State
Microsoft: Iran is refining its cyber operations | CyberScoop
US sanctions Iranian officials over cyber attacks on water plants - BBC News
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)
Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)
Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)
Critical vulnerability in Mastodon sparks patching frenzy • The Register
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)
February 2024 Android security patch here for Pixels - Android Authority
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch
JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)
Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)
QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek
Tools and Controls
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Close security gaps with attack path analysis and management | TechTarget
Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard
A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)
Reports Published in the Last Week
Other News
Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac
Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine
Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek
What Will the Future of Cyber Security Bring? - Security Boulevard
Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)
McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)
A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)
Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)
NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly
Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)
We Need Cyber Security in Space to Protect Satellites | Scientific American
Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly
Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly
How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.