Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.

Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.

https://www.itsecurityguru.org/2023/04/03/new-research-highlights-increased-security-risks-posed-by-remote-working-and-bring-your-own-device-policies/

• Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.

54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.

A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.

https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

• IT and Security Pros Pressured to Keep Quiet About Data Breaches

It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.

At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.

52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.

Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.

https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

• Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard

Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.

https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard

• Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.

https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.

When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.

ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.

Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.

https://www.msspalert.com/cybersecurity-research/msps-a-favored-target-of-supply-chain-and-infrastructure-attacks-connectwise-reports/

• Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

• GCHQ Updates Security Guidance for Boards

The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.

Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.

https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/

• More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.

https://www.msspalert.com/cybersecurity-research/splunk-details-increase-in-data-breaches-downtime-due-to-cybersecurity-issues/

• For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches

Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.

https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches

• UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.

https://www.theguardian.com/technology/2023/apr/03/uks-offensive-hacking-unit-takes-on-military-opponents-and-terrorist-groups

• Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.

https://www.euronews.com/next/2023/03/31/man-ends-his-life-after-an-ai-chatbot-encouraged-him-to-sacrifice-himself-to-stop-climate-

• Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress.  Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.

https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks up sharply in February (techrepublic.com)

• Fake ransomware gang targets U.S. orgs with empty data leak threats (bleepingcomputer.com)

• New Money Message ransomware demands million dollar ransoms (bleepingcomputer.com)

• Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research

• ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (bleepingcomputer.com)

• LockBit leaks data stolen from South Korean National Tax Service-Security Affairs

• UK outsourcing services provider Capita suffered a cyber incident-Security Affairs

• March ransomware disclosures spike behind Clop attacks | TechTarget

• Protect Your Company: Ransomware Prevention Made Easy (thehackernews.com)

• Dish Faces Investor Lawsuit Over Ransomware Attack, Downgrades From Equity Analysts | Next TV

Phishing & Email Based Attacks

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• Phishing emails are seeing a huge rise, so stay on your guard | TechRadar

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

BEC – Business Email Compromise

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

2FA/MFA

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Malware

• WinRAR SFX archives can run PowerShell without being detected (bleepingcomputer.com)

• Malware and machine learning: A match made in hell - Help Net Security

• Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks (thehackernews.com)

• Flood of malicious packages results in NPM registry DoS - Help Net Security

• Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (thehackernews.com)

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

• Typhon info-stealing malware devs upgrade evasion capabilities (bleepingcomputer.com)

• Tax preparation and e-file service eFile.com compromised to serve malware-Security Affairs

• The hidden picture of malware attack trends - Help Net Security

Mobile

• Google publishes April Android Security Bulletin, but Pixel updates are once again missing (androidpolice.com)

• Android's April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities - SecurityWeek

BYOD

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

Internet of Things – IoT

• Hackers can open Nexx garage doors remotely, and there's no fix (bleepingcomputer.com)

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

Data Breaches/Leaks

• Splunk Details Increase in Data Breaches, Downtime Due to Cyber security Issues - MSSP Alert

• Nearly 5 million hit in massive loan data breach — see if you’re affected | Tom's Guide (tomsguide.com)

• Data Breach Strikes Western Digital (darkreading.com)

• Uber driver info stolen in yet another third-party breach • The Register

• High-cost lender TMX Finance data breach affects nearly 5 million customers | SC Media (scmagazine.com)

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (darkreading.com)

• Marketplace 600K Records Leaked By Database Snafu (informationsecuritybuzz.com)

• Hacker claims breach of US immigration services | Cybernews

Organised Crime & Criminal Actors

• For Cyber Crime Gangs, Professionalization & ‘Corporate’ Headaches (darkreading.com)

• Fight Mercenaries with these Cyber security Principles (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• DoJ Recovers $112M in Crypto Stolen With Romance Scams (darkreading.com)

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Insider Risk and Insider Threats

• Re-evaluating immature and ineffective insider risk management programs - Help Net Security

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

Fraud, Scams & Financial Crime

• The staggering cost of identity fraud for financial services - Help Net Security

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

• What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse (darkreading.com)

• Feds seize $112m in currency tied to 'pig-butchering scams • The Register

• Stop online counterfeiters dead in their tracks - Help Net Security

Deepfakes

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Welcome to the era of viral AI generated 'news' images | CNN Business

Insurance

• Experts Urge Empathy, Thoughtfulness for Insurers in Challenging Cyber Landscape (insurancejournal.com)

Dark Web

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

Supply Chain and Third Parties

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports - MSSP Alert

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• Risk & Repeat: Inside the 3CX supply chain attack | TechTarget

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Automation, Cyber security, Integration Top the List of Priorities for MSPs in 2023 - MSSP Alert

• Capita: Cyber attack caused pre-weekend outage • The Register

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Google Drive does a surprise rollout of file limits, locking out some users | Ars Technica

• Modular "AlienFox" Toolkit Used to Steal Cloud Service Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Capita: Cyber attack caused pre-weekend outage • The Register

• Shadow data slipping past security teams - Help Net Security

• Think Before You Share the Link: SaaS in the Real World (thehackernews.com)

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

• Unapproved Apps Used By 32% of Remote Workers - Infosecurity Magazine (infosecurity-magazine.com)

Shadow IT

• Shadow data slipping past security teams - Help Net Security

Identity and Access Management

• "It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete? (thehackernews.com)

• The high cost of insecure authentication methods - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Takedown of notorious hacker marketplace selling your identity to criminals | Europol (europa.eu)

• Stolen credential warehouse Genesis Market seized by FBI • The Register

Social Media

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• Twitter's recommendation algorithm opens platform to manipulation, bot attacks, researcher finds | CyberScoop

• TikTok bans explained: Everything you need to know (techtarget.com)

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

Parental Controls and Child Safety

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

Regulations, Fines and Legislation

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

Governance, Risk and Compliance

• 42% of IT leaders told to maintain breach confidentiality | TechTarget

• GCHQ Updates Security Guidance for Boards - Infosecurity Magazine (infosecurity-magazine.com)

• Splunk Details Increase in Data Breaches, Downtime Due to  Issues - MSSP Alert

• 5 strategies to manage  risks in mergers and acquisitions | CSO Online

Models, Frameworks and Standards

• What is PCI DSS 12 requirements? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• Ex-GCHQ chief criticises Treasury for advertising head of cyber security job with £50k salary (telegraph.co.uk)

Law Enforcement Action and Take Downs

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• Stolen credential warehouse Genesis Market seized by FBI • The Register

• Spain's most dangerous and elusive hacker now in police custody (bleepingcomputer.com)

• Genesis Market: Popular cyber crime website shut down by police - BBC News

• FBI obtained detailed database exposing 60,000 users of the cyber crime bazaar Genesis Market | CyberScoop

Privacy, Surveillance and Mass Monitoring

• NYPD ignored 93 percent of surveillance law rules • The Register

Artificial Intelligence

• Welcome to the era of viral AI generated 'news' images | CNN Business

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications - SecurityWeek

• ChatGPT banned in Italy | The Independent

• Man ends his life after an AI chatbot 'encouraged' him to sacrifice himself to stop climate change | Euronews

• Malware and machine learning: A match made in hell - Help Net Security

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

Misinformation, Disinformation and Propaganda

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• ChatGPT could increase 'threat vector' for cyber attacks and misinformation, experts warn: 'Deepfake generator' | Fox Business

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• UK Discloses Offensive Cyber Capabilities Principles - Infosecurity Magazine (infosecurity-magazine.com)

• Britain’s cyberwarfare chief reveals his identity | The Economist

Nation State Actors

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Vodafone warned of ‘profound national security questions’ over merger with Chinese-owned Three (telegraph.co.uk)

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• Report: Chinese State-Sponsored Hacking Group Highly Active - SecurityWeek

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• The other Chinese apps taking the US and UK by storm - BBC News

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• China probes Micron for cyber security risks, urges Japan to stay out of US chip export curbs  | TechCrunch

• Google TAG Alerts Of ARCHIPELAGO Cyber attacks Linked To North Korea (informationsecuritybuzz.com)

Vulnerability Management

• 15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Millions still exposed despite available fixes - Help Net Security

• Microsoft to admins: Auto-review your Autopatch alerts • The Register

Vulnerabilities

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Hackers exploit WordPress plugin flaw that gives full control of millions of sites | Ars Technica

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

• Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359) - Help Net Security

• Chrome 112 Patches 16 Security Flaws - SecurityWeek

• QNAP Zero-Days Leave 80K Devices Vulnerable to Cyber attack (darkreading.com)

Tools and Controls

• How can organisations bridge the gap between DR and cyber security? - Help Net Security

• Let’s pump the brakes on the rush to incorporate AI into cyber security | CSO Online

• The high cost of insecure authentication methods - Help Net Security

• How AI is transforming cyber security for better and worse - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

• What RASP Should Have Been (darkreading.com)

Reports Published in the Last Week

• Bitdefender 2023 Cybersecurity Assessment | Bitdefender

• Annual Report: Leading Anti-Phishing Solutions | Cofense

Other News Misc/Other Misc attacks

• Maintaining Data Integrity With Growing Cyber security Concerns (informationsecuritybuzz.com)

• Keeper Security April Fools - IT Security Guru

• Travel visa delays after UK’s crime records office hit by cyber ‘incident’ | Evening Standard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links