Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 April 2023

Black Arrow Cyber Threat Briefing 14 April 2023:

-Almost Half of Former Employees Say Their Passwords Still Work

-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

-Printers Pose Persistent Yet Overlooked Threat

-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

-Over 90% of Organisations Find Threat Hunting a Challenge

-75% of Organisations Have Suffered a Cyber Security Breach

-Leak Shows Evolving Russian Cyber War Capabilities

-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

-Insider Threat and Ransomware: A Growing Issue

-How LockBit Changed Cyber Security Forever

-Hybrid Work Environments Are Stressing CISOs

-Protect Your Data with a USB Condom

-Strategising Cyber Security: Why a Risk-based Approach is Key

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

  • Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

  • Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

  • Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

  • Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

  • 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

  • 97% of organisations indicated they are experiencing private cloud problems.

  • 75% have experienced a cyber security breach, threat and/or theft of data.

  • 75% said shadow IT “impairs their ability to keep data secure.”

  • 60% allow employees to download sensitive data to their personal devices.

  • 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

  • 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

  • Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

  • Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

  • When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

  • Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

  • How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

  • Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

  • Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

  • Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 22 July 2022

Black Arrow Cyber Threat Briefing 22 July 2022

-Insurer Refuses to Pay Out After Victim Misrepresented Their Cyber Controls

-5 Cyber Security Questions CFOs Should Ask CISOs

-The Biggest Cyber Attacks in 2022 So Far — and it’s Just the Tip of the Iceberg

-Malware-as-a-Service Creating New Cyber Crime Ecosystem

-The Rise and Continuing Popularity of LinkedIn-Themed Phishing

-Microsoft Teams Default Settings Leave Organisations Open to Cyber Attacks

-Top 10 Cyber Security Attacks of Last Decade Show What is to Come

-Software Supply Chain Concerns Reach C-Suite

-EU Warns of Russian Cyber Attack Spillover, Escalation Risks

-Critical Flaws in GPS Tracker Enable “Disastrous” and “Life-Threatening” Hacks

-Russian Hackers Behind Solarwinds Breach Continue to Scour US And European Organisations for Intel, Researchers Say

-The Next Big Security Threat Is Staring Us in The Face. Tackling It Is Going to Be Tough

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Insurer Refuses to Pay Out After Victim Misrepresented Their Cyber Controls

In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the insured allegedly misrepresented its use of multifactor authentication (MFA) – a condition to get cyber coverage.

According to a July filing, Travelers said it would not have issued a cyber insurance policy in April to electronics manufacturing services company International Control Services (ICS) if the insurer knew the company was not using MFA as it said. Additionally, Travelers wants no part of any losses, costs, or claims from ICS – including from a May ransomware attack ICS suffered.

Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the applicant’s network and information security” that the company used MFA for administrative or privileged access. However, following the May ransomware event, Travelers first learned during an investigation that the insured was not using the security control to protect its server and “only used MFA to protect its firewall, and did not use MFA to protect any other digital assets.”

Therefore, statements ICS made in the application were “misrepresentations, omissions, concealment of facts, and incorrect statements” – all of which “materially affected the acceptance of the risk and/or the hazard assumed by Travelers,” the insurer alleged in the filing.

ICS also was the victim of a ransomware attack in December 2020 when hackers gained access using the username and password of an ICS administrator, Travelers said. ICS told the insurer of the attack during the application process and said it improved the company’s cyber security.

Travelers said it wants the court to declare the insurance contract null and void, rescind the policy, and declare it has no duty to indemnify or defend ICS for any claim.

https://www.insurancejournal.com/news/national/2022/07/12/675516.htm#

  • 5 Cyber Security Questions CFOs Should Ask CISOs

Armed with the answers, chief financial officers can play an essential role in reducing cyber risk.

Even in a shrinking economy, organisations are likely to maintain their level of cyber security spend. But that doesn’t mean in the current economic climate of burgeoning costs and a possible recession they won’t take a magnifying glass to how they are spending the money budgeted to defend systems and data. Indeed, at many companies, cyber security spending isn’t targeting the most significant dangers, according to experts — as evidenced by the large number of successful ransomware attacks and data breaches.

Without a comprehensive understanding of the security landscape and what the organisation needs to do to protect itself, how can CFOs make the right decisions when it comes to investments in cyber security technology and other resources? They can’t.

So, CFOs need to ensure they have a timely grasp of the security issues their organisation faces. That requires turning to the most knowledgeable people in the organisation: chief information security officers (CISOs) and other security leaders on the IT front lines.

Here are five questions CFOs should be asking their CISOs about the security of their companies.

  1. How secure are we as an organisation?

  2. What are the main security threats or risks in our industry?

  3. How do we ensure that the cyber security team and the CISO are involved in business development?

  4. What are the risks and potential costs of not implementing a cyber control?

  5. Do employees understand information security and are they implementing security protocols successfully?

https://www.cfo.com/technology/cyber-security-technology/2022/07/cybersecurity-spending-protocols-ciso-security-threats-business-development-cyber-control/

  • The Biggest Cyber Attacks in 2022 So Far — and it’s Just the Tip of the Iceberg

For those in the cyber resilience realm, it’s no surprise that there’s a continued uptick in cyber attacks. Hackers are hacking, thieves are thieving and ransomers are — you guessed it — ransoming. In other words, cyber crime is absolutely a growth industry.

As we cross into the second half of this year, let’s look at some of the most significant attacks so far:

  • Blockchain schmockchain. Cryptocurrency exchange Crypto.com’s two-factor-identification (2FA) system was compromised as thieves made off with approximately $30 million.

  • Still the one they run to. Microsoft’s ubiquity makes it a constant target. Earlier this year, the hacking collective Lapsus$ compromised Cortana and Bing, among other Microsoft products, posting source code online.

  • Not necessarily the news. News Corp. journalist emails and documents were accessed at properties including the Wall Street Journal, Dow Jones and the New York Post in a hack tied to China.

  • Uncharitable ways. The Red Cross was the target of an attack earlier this year, with more than half a million “highly vulnerable” records of Red Cross assistance recipients compromised.

  • Victim of success. North Korea’s Lazarus Group made off with $600 million in cryptocurrencies after blockchain gaming platform Ronin relaxed some of its security protocols so its servers could better handle its growing popularity.

  • We can hear you now. State-sponsored hackers in China have breached global telecom powerhouses worldwide this year, according to the U.S. Cybersecurity & Infrastructure Security Agency.

  • Politics, the art of the possible. Christian crowdfunding site GiveSendGo was breached twice this year as hacktivists exposed the records of donors to Canada’s Freedom Convoy.

  • Disgruntled revenge. Businesspeople everywhere were reminded of the risks associated with departing personnel when fintech powerhouse Block announced that a former employee accessed sensitive customer information, impacting eight million customers.

  • Unhealthy habits. Two million sensitive customer records were exposed when hackers breached Shields Health Care’s network.

  • They even stole the rewards points. General Motors revealed that hackers used a credentials stuffing attack to access personal information on an undisclosed number of car owners. They even stole gift-card-redeemable customer reward points.

For every breach or attack that generates headlines, millions of others that we never hear about put businesses at risk regularly. The Anti-Phishing Working Group just released data for the first quarter of this year, and the trend isn’t good. Recorded phishing attacks are at an all-time high (more than a million in just the first quarter) and were accelerating as the quarter closed, with March 2022 setting a new record for single-month attacks.

https://www.msspalert.com/cybersecurity-guests/the-biggest-cyberattacks-in-2022-so-far-and-its-just-the-tip-of-the-iceberg/

  • Malware-as-a-Service Creating New Cyber Crime Ecosystem

This week HP released their report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back, exploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis.

The report’s findings showed how cyber crime is being supercharged through “plug and play” malware kits that are easier than ever to launch attacks. Additionally, cyber syndicates are now collaborating with amateur attackers to target businesses, putting the online world and its users at risk.

The report’s methodology saw HP’s Wolf Security threat team work in tandem with dark-web investigation firm Forensic Pathways to scrape and analyse over 35 million cyber criminal marketplaces and forum posts between February and March 2022, with the investigation helping to gain a deeper understanding of how cyber criminals operate, gain trust, and build reputation. Its key findings include:

Malware is cheap and readily available: Over three-quarters (76%) of malware advertisements listed, and 91% of exploits (i.e. code that gives attackers control over systems by taking advantage of software bugs), retail for under $10.

Trust and reputation are ironically essential parts of cyber-criminal commerce: Over three-quarters (77%) of cyber criminal marketplaces analysed require a vendor bond – a license to sell – which can cost up to $3000.  Of these, 92% have a third-party dispute resolution service.

Popular software is giving cyber criminals a foot in the door: Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000), while zero day vulnerabilities are retailing at 10s of thousands of pounds on dark web markets.

https://www.infosecurity-magazine.com/news/malware-service-cybercrime/

  • The Rise and Continuing Popularity of LinkedIn-Themed Phishing

Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts. According to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials.

The phishers are generally trying to pique the targets’ interest with fake messages claiming that they “have appeared in X searches this week”, that a new message is waiting for them, or that another user would like to do business with them, and are obviously taking advantage of the fact that a record number of individuals are switching or are considering quitting their job and are looking for a new one.

To compare: In Q4 2021, LinkedIn-themed phishing attempts were just 8 percent of the total brand phishing attacks flagged by Check Point. Also, according to Vade Secure, in 2021 the number of LinkedIn-themed phishing pages linked from unique phishing emails was considerably lower than those impersonating other social networks (Facebook, WhatsApp).

Other brands that phishers loved to impersonate during Q2 2022 are (unsurprisingly) Microsoft (13%), DHL (12%) and Amazon (9%).

https://www.helpnetsecurity.com/2022/07/21/linkedin-phishing/

  • Microsoft Teams Default Settings Leave Organisations Open to Cyber Attacks

Relying on default settings on Microsoft Teams leaves organisations and users open to threats from external domains, and misconfigurations can prove perilous to high-value targets.

Microsoft Teams has over 270 million active monthly users, with government institutions using the software in the US, UK, Netherlands, Germany, Lithuania, and other countries at varying levels.

Cyber security researchers have discovered that relying on default MS Teams settings can leave firms and high-value users vulnerable to social engineering attacks. Attackers could create group chats, masquerade as seniors within the target organisation and observe whether users are online.

Attackers could, rather convincingly, impersonate high-ranking officials and possibly strike up conversations, fooling victims into believing they’re discussing sensitive topics with a superior. Skilled attackers could do a lot of harm with this capability.

https://cybernews.com/security/microsoft-teams-settings-leave-govt-officials-open-to-cyberattacks/

  • Top 10 Cyber Security Attacks of Last Decade Show What is to Come

Past is prologue, wrote William Shakespeare in his play “The Tempest,” meaning that the present can often be determined by what has come before. So it is with cyber security, serving as the basis of which is Trustwave’s “Decade Retrospective: The State of Vulnerabilities” over the last 10 years.

Threat actors frequently revisit well-known and previously patched vulnerabilities to take advantage of continuing poor cyber security hygiene. “If one does not know what has recently taken place it leaves you vulnerable to another attack,” Trustwave said in its report that identifies and examines the “watershed moments” that shaped cyber security between 2011 and 2021.

With a backdrop of the number of security incidents and vulnerabilities increasing in volume and sophistication, here are Trustwave’s top 10 network vulnerabilities in no particular order that defined the decade and “won’t be forgotten.”

  • SolarWinds hack and FireEye breach, Detected: December 8, 2020 (FireEye)

  • EternalBlue Exploit, Detected: April 14, 2017

  • Heartbleed, Detected: March 21, 2014

  • Shellshock, Remote Code Execution in BASH, Detected: September 12, 2014

  • Apache Struts Remote Command Injection & Equifax Breach, Detected: March 6, 2017

  • Chipocalypse, Speculative Execution Vulnerabilities Meltdown & Spectre

  • BlueKeep, Remote Desktop as an Access Vector, Detected: January, 2018

  • Drupalgeddon Series, CMS Vulnerabilities, Detected: January, 2018

  • Microsoft Windows OLE Vulnerability, Sandworm Exploit, Detected: September 3, 2014

  • Ripple20 Vulnerabilities, Growing IoT landscape, Detected: June 16, 2020

https://www.msspalert.com/cybersecurity-news/top-10-cybersecurity-attacks-of-last-decade-show-what-is-to-come-report/

  • Software Supply Chain Concerns Reach C-Suite

Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.

Organisations are waking up to the need to establish better software supply chain risk management policies and are taking action to address the escalating threats and vulnerabilities targeting this expanding attack surface.

These were among the findings of a CyberRisk Alliance-conducted survey of 300 respondents from both software-buying and software-producing companies.

Most survey respondents (52%) said they are "very" or "extremely" concerned about software supply chain risks, and 84% of respondents said their organisation is likely to allocate at least 5% of their AppSec budgets to manage software supply chain risk.

Software buyers are planning to invest in procurement program metrics and reporting, application pen-testing, and software build of materials (SBOM) design and implementation, according to the findings.

Meanwhile, software developers said they plan to invest in secure code review as well as SBOM design and implementation.

https://www.darkreading.com/application-security/software-supply-chain-concerns-reach-c-suite

  • EU Warns of Russian Cyber Attack Spillover, Escalation Risks

The Council of the European Union (EU) said that Russian hackers and hacker groups increasingly attacking "essential" organisations worldwide could lead to spillover risks and potential escalation.

"This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation," the High Representative on behalf of the EU said.

"The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed."

In this context, the EU reminded Russia that all United Nations member states must adhere to the UN's Framework of responsible state behaviour in cyberspace to ensure international security and peace.

The EU urged all states to take any actions required to stop malicious cyber activities conducted from their territory.

The EU's statement follows a February joint warning from CISA and the FBI that wiper malware attacks targeting Ukraine could spill over to targets from other countries.

Google's Threat Analysis Group (TAG) said in late March that it observed phishing attacks orchestrated by the Russian COLDRIVER hacking group against NATO and European military entities.

In May, the US, UK, and EU accused Russia of coordinating a massive cyber attack that hit the KA-SAT consumer-oriented satellite broadband service in Ukraine on February 24 with AcidRain data destroying malware, approximately one hour before Russia invaded Ukraine.

A Microsoft report from June also confirms the EU's observation of an increase in Russian malicious cyber activities. The company's president said that threat groups linked to Russian intelligence agencies (including the GRU, SVR, and FSB) stepped up cyber attacks against government entities in countries allied with Ukraine after Russia's invasion.

In related news, in July 2021, President Joe Biden warned that cyber attacks leading to severe security breaches could lead to a "real shooting war," a statement issued a month after NATO said that cyber attacks could be compared to "armed attacks" in some circumstances.

https://www.bleepingcomputer.com/news/security/eu-warns-of-russian-cyberattack-spillover-escalation-risks/

  • Critical Flaws in GPS Tracker Enable “Disastrous” and “Life-Threatening” Hacks

A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimise exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off fuel.

An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.

BitSight discovered what it said were six “severe” vulnerabilities in the device that allow for a host of possible attacks. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device.

https://arstechnica.com/information-technology/2022/07/critical-flaws-in-gps-tracker-enable-disastrous-and-life-threatening-hacks/

  • Russian Hackers Behind Solarwinds Breach Continue to Scour US And European Organisations for Intel, Researchers Say

The Russian hackers behind a sweeping 2020 breach of US government networks have in recent months continued to hack US organisations to collect intelligence while also targeting an unnamed European government that is a NATO member.

The new findings show how relentless the hacking group — which US officials have linked with Russia's foreign intelligence service — is in its pursuit of intelligence held by the US and its allies, and how adept the hackers are at targeting widely used cloud-computing technologies.

The hacking efforts come as Russia's invasion of Ukraine continues to fray US-Russia relations and drive intelligence collection efforts from both governments.

In recent months, the hacking group has compromised the networks of US-based organisations that have data of interest to the Russian government.

In separate activity revealed Tuesday, US cyber security firm Palo Alto Networks said that the Russian hacking group had been using popular services like Dropbox and Google Drive to try to deliver malicious software to the embassies of an unnamed European government in Portugal and Brazil in May and June.

https://edition.cnn.com/2022/07/19/politics/russia-solarwinds-hackers/index.html

  • The Next Big Security Threat Is Staring Us in The Face. Tackling It Is Going to Be Tough

If the ongoing fight against ransomware wasn't keeping security teams busy, along with the challenges of securing the ever-expanding galaxy of Internet of Things devices, or cloud computing, then there's a new challenge on the horizon – protecting against the coming wave of digital imposters or deepfakes.

A deepfake video uses artificial intelligence and deep-learning techniques to produce fake images of people or events.

One recent example is when the mayor of Berlin thought he was having an online meeting with former boxing champion and current mayor of Kyiv, Vitali Klitschko. But the mayor of Berlin grew suspicious when 'Klitschko' started saying some very out of character things relating to the invasion of Ukraine, and when the call was interrupted the mayor's office contacted the Ukrainian ambassador to Berlin – to discover that, whoever they were talking to, it wasn't the real Klitschko.

It's a sign that deepfakes are getting more advanced and quickly. Previous instances of deepfake videos that have gone viral often have tell-tale signs that something isn't real, such as unconvincing edits or odd movements, but the developments in deepfake technology mean it isn't difficult to imagine it being exploited by cyber criminals, particularly when it comes to stealing money.

While ransomware might generate more headlines, business email compromise (BEC) is the costliest form of cyber crime today. The FBI estimates that it costs businesses billions of dollars every year. The most common form of BEC attack involves cyber criminals exploiting emails, hacking into accounts belonging to bosses – or cleverly spoofing their email accounts – and asking staff to authorise large financial transactions, which can often amount to hundreds of thousands of dollars.

The emails claim that the money needs to be sent urgently, maybe as part of a secret business deal that can't be disclosed to anyone. It's a classic social-engineering trick designed to force the victim into transferring money quickly and without asking for confirmation from anyone else who could reveal it's a fake request. By the time anyone might be suspicious, the cyber criminals have taken the money, likely closed the bank account they used for the transfer – and run.

BEC attacks are successful, but many people might remain suspicious of an email from their boss that comes out the blue and they could avoid falling victim by speaking to someone to confirm that it's not real. But if cyber criminals could use a deepfake to make the request, it could be much more difficult for victims to deny the request, because they believe they're actually speaking to their boss on camera.

Many companies publicly list their board of directors and senior management on their website. Often, these high-level business executives will have spoken at events or in the media, so it's possible to find footage of them speaking. By using AI-powered deep-learning techniques, cyber criminals could exploit this public information to create a deepfake of a senior-level executive, exploit email vulnerabilities to request a video call with an employee, and then ask them to make the transaction. If the victim believes they're speaking to their CEO or boss, they're unlikely to deny the request.

https://www.zdnet.com/article/the-next-big-security-threat-is-staring-us-in-the-face-tackling-it-is-going-to-be-tough/


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

BYOD

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Privacy

Parental Controls and Child Safety

Regulations, Fines and Legislation

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine



Vulnerability Management

Vulnerabilities


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3



Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More