Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

According to a survey of 1,600 CISOs, 70% worry about the risk of a material cyber attack over the next 12 months. Additionally, nearly 31% believe an attack is very likely, compared to 25% in 2023.  Amongst the largest concerns were human error, with 75% of CISOs identifying it as their most significant cyber vulnerability, up from 60% in 2023. Furthermore, 80% anticipate that human risk and employee negligence in particular will be major cyber security issues in the next two years.  Additionally, artificial intelligence was identified as an emerging concern for 54% of CISOs.

Sources: [The Register] [Infosecurity Magazine] [Cryptopolitan]

The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

A recent report by Check Point reveals that global organisations faced an average of 1,158 weekly cyber attacks in 2023, an increase from 2022. In the UK, 50% of businesses experienced cyber attacks in the past year, with medium and large-sized businesses more affected at 70% and 74%, respectively. A ClubCISO survey found 62% of CISOs believe organisations are ill-equipped for AI-driven attacks, yet 77% haven't increased cyber security spending.

Additionally, a British Foreign Policy Group (BFPG) article highlights cyber threats from geopolitical tensions, with a recent attack on the Ministry of Defence exposing HR and payroll data. The National Cyber Security Centre attributes such attacks to state-affiliated actors like China and Russia. Despite efforts to establish international cyber norms, enforcement remains challenging. Businesses must recognise that cyber security is now deeply intertwined with geopolitics, affecting strategic partnerships and procurement.

Sources: [Verdict] [BFPG]

Threat Research Highlights Growing Mobile Security Risks

A recent report by a cloud security vendor focusing on the mobile threat landscape found that in the first quarter of 2024, the number of phishing, malicious, denylisted and offensive links delivered to their customers’ mobile devices tripled compared to Q1 2023. The report, which bases its data on 220 million devices, 325 million apps and billions of web items, found that the most common misconfiguration in mobiles was out of date operating systems (37%). When it came to the prevalence of attacks, 75% of organisations reported experiencing mobile phishing attempts targeting their employees.

This comes as a representative from the US Cybersecurity and Infrastructure Security Agency told the Federal Communications Commission earlier this year that there had been “numerous incidents of successful, unauthorised attempts” to steal location data, monitor voice and text messages, and deliver spyware.

Sources: [Economist] [Business Wire]

Family Offices Become Prime Targets for Cyber Hacks and Ransomware

A recent Dentons survey reveals that nearly 80% of family offices perceive a dramatic increase in cyber attack threats, with a quarter experiencing an attack in 2023, up from 17% in 2020. Despite their wealth, family offices often lack the staff and technology to manage these risks effectively. Less than a third report well-developed cyber risk management processes, and only 29% believe their cyber training programs are sufficient. This gap between awareness and action highlights the need for family offices to prioritise comprehensive cyber security measures, including better training, updated policies, and secure communication practices.

Source: [CNBC]

Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage

According to a report by cyber security provider Arctic Wolf, within the last 12 months 48% of organisations identified evidence of a successful breach within their environment and 70% of organisations were the targets of attempted Business Email Compromise (BEC) attacks, with 29% of these targets becoming victims of one or more successful BEC occurrences.

In its survey, the company says “45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months”,  an increase from the prior year. Of those impacted by ransomware, 86% of attacks including successful data exfiltration and 94% of those impacted by a ransom event experienced a significant downtime and delays. 40% of victims stated they experienced a period of total work stoppage due to ransomware.

Source: [Help Net Security]

Employee Discontent: Insider Threat No. 1

Chief Information Security Officers (CISOs) must integrate human factors into insider risk management (IRM), not just rely on detection technologies. IRM must consider factors such as those raised by recent research where only half of US workers are very satisfied with their jobs, and 28% feel their employers don't care about them. CISOs themselves are affected by job satisfaction; the 2024 IANS/Artico report shows three out of four CISOs are ready to leave their roles. DTEX Systems found 77% of malicious insiders concealed their activities, emphasising the importance of human engagement and feedback in mitigating risks.

Source: [CSO]

Report Reveals 341% Rise in Advanced Phishing Attacks

A recent report has revealed malicious emails increased by 341% over the past 6 months. This included a 217% increase in credential harvesting phishing attacks and a 29% increase in Business Email Compromise (BEC) attacks. The report highlighted the impact of artificial intelligence, noting that since the launch of ChatGPT in November 2022, there has been a 4,151% surge in malicious phishing messages.

Source: [Security Magazine] [ Infosecurity Magazine]

Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

A recent study by Infosecurity Europe reveals that nearly 40% of cyber security leaders are increasing investments to combat the growing threats of ransomware and AI-generated attacks. A separate survey found 94% of organisations have or plan to implement generative AI use policies, and a third strictly forbid AI tech in their environment. This data highlights the ongoing effort to balance AI benefits with security risks, indicating that there isn’t a one-size-fits-all strategy for formalising AI adoption and usage policies.

Source: [Security Boulevard] [Infosecurity Magazine]

New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

A recent report reveals that 93% of organisations have re-evaluated their cyber security strategies due to new regulations, with 58% reconsidering their entire approach. The survey, which included 500 cyber security decision-makers from the US and UK, found that 92% reported increased security budgets, with 36% seeing rises of 20-49% and 23% experiencing over 50% increases. Despite this, only 40% feel confident in their resources to comply with regulations, and just one-third believe they can meet all requirements, highlighting significant gaps in preparedness.

Source: [security magazine]

HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

A recent KnowBe4 report reveals that HR-related phishing emails account for 42% of top-clicked phishing attempts, followed by IT-related emails at 30%. These phishing tactics exploit employees' trust and evoke immediate responses by mimicking legitimate business communications about dress code changes, tax updates, and training notifications. The report also highlights that nearly a third of users are vulnerable to phishing, emphasising the need for robust security awareness training. A well-trained workforce is essential in defending against increasingly sophisticated phishing attacks that leverage AI and emotional manipulation.

Source: [IT Security Guru]

80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

A recent XM Cyber report highlights a significant gap in cyber security focus with identity and credential misconfigurations accounting for 80% of security exposures. The study, based on hundreds of thousands of attack path assessments, found that 62% of the global attack surface is concentrated in just 15 vendors. Furthermore, 41% of organisations had at least one compromised device, and 11% experienced ransomware incidents. The report underscores the need for a shift from patching all vulnerabilities to addressing high-impact exposures, especially those around identity management and critical asset protection.

Sources: [Security Magazine] [The Hacker News]

UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

A forthcoming proposal in Britain aims to overhaul the response to ransomware by mandating victims to report incidents and obtain a license before making extortion payments. This initiative, part of a public consultation, includes a ban on ransom payments for critical national infrastructure to deter attacks. The National Cyber Security Centre has highlighted concerns over underreporting, with a 2023 increase in ransomware-related data breaches. The plan’s success hinges on replacing the delayed Action Fraud reporting platform. This proposal marks a significant step in global ransomware policy, with Britain leading international efforts against cyber criminals.

Source: [The Record Media]

UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

One in ten UK data breaches in 2023 occurred in the legal sector, highlighting that UK law firms are attractive targets for cyber criminals. A recent analysis of the UK’s Information Commissioner's Office (ICO) data found that the legal sector is one of the worst performing sectors for data breaches, with nearly 86 per cent of the incidents within the legal sector involving breaches of personal identifiable information, including instances also affecting sensitive economic and financial data.

Sources [CITY AM]

Governance, Risk and Compliance

• 70% of CISOs Expect Cyber Attacks in Next Year, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• UK's legal sector needs to improve its cyber security, say experts (cityam.com)

• How to stay on top of evolving cyber security legislation | RSM UK

• New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine

• Ransomware and AI-Powered Hacks Drive Cyber Investment - Infosecurity Magazine (infosecurity-magazine.com)

• One CISO Can’t Fill Your Board’s Cyber Security Gaps (mit.edu)

• Security Compliance 101: What It Is and How to Master It - Security Boulevard

• Family offices become prime targets for cyber hacks and ransomware (cnbc.com)

• Worried about job security, cyber teams hide security incidents - Help Net Security

• Law firms warn global risks on the rise (emergingrisks.co.uk)

• Financial companies must have data breach incident plans, SEC says | SC Media (scmagazine.com)

• Businesses must overcome security communication roadblocks – Channel EYE

• Why Culture is the Bedrock of Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

• 10 Leadership Challenges For An AI World (forbes.com)

• IT Security Leaders Are Failing to Close a Boardroom Credibility Gap (prnewswire.com)

• Effective GRC programs rely on team collaboration - Help Net Security

• Are AI and Cyber Security the New Driving Forces Behind Mergers and Acquisitions in the Coming Years? - The Global Treasurerputty

• Understanding cyber risks beyond data breaches - Help Net Security

• De-risking the business - how to evolve your approach to security | TechRadar

• IT and security data is siloed in most organisations (betanews.com)

• Can Cyber Security Be a Unifying Factor in Digital Trade Negotiations? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Family offices become prime targets for cyber hacks and ransomware (cnbc.com)

• Ransomware fallout: 94% experience downtime, 40% face work stoppage - Help Net Security

• Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million - Security Boulevard

• UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (therecord.media)

• Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)

• Cyber criminals shift tactics to pressure more victims into paying ransoms - Help Net Security

• Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know | SC Media (scmagazine.com)

• Cyber Attacks Over Work Email Most Used; Ransomware Hits Victims Hard: Artic Wolf (insurancejournal.com)

• This wiper malware takes data destruction to a whole new level | TechRadar

• A Surge in Ransomware: Insights from Our 2024 Cyber Threat Report | Huntress

• New ransomware group abusing BitLocker | Securelist

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• LockBit takedown taking toll as gang plummets down rankings • The Register

• First LockBit, now BreachForums: Are cops winning the war? • The Register

• 2024 sees continued increase in ransomware activity - Help Net Security

• Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)

• What role does an initial access broker play in the RaaS model? | TechTarget

• Casino cyber attacks put a bullseye on Scattered Spider • The Register

• Ransomware innovation slowdown a product of crims' success • The Register

Ransomware Victims

• National Records of Scotland reveals its data stolen in 'distressing' NHS health board cyber attack (scotsman.com)

• OmniVision Says Personal Information Stolen in Ransomware Attack - Security Week

• Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors (securityaffairs.com)

• LockBit says they stole data in London Drugs ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• HR and IT related phishing scams still most popular according to KnowBe4’s latest Phishing Report - IT Security Guru

• Report Reveals 341% Rise in Advanced Phishing Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)

• Phishing statistics that will make you think twice before clicking - Help Net Security

• Cyber Attacks Over Work Email Most Used; Ransomware Hits Victims Hard: Artic Wolf (insurancejournal.com)

• Q1 2024 Global Phishing Report (knowbe4.com)

• Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)

• Two-stage Dropbox spear phishing | Kaspersky official blog

• Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)

• Only 60 percent of brands can protect their customers from digital impersonation (betanews.com)

• A phish by any other name should still not be clicked – Computerworld

• Active Chinese Cyber espionage Campaign Rifling Email Servers (inforisktoday.com)

• YouTube has become a significant channel for cyber crime - Help Net Security

BEC

• The last six months shows a 341% increase in malicious emails | Security Magazine

• Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• 10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire

Other Social Engineering

• ‘Unblockable’ HMRC scam message on iPhones sparks warning (yahoo.com)

• Cyber criminals Exploit Cloud Storage For SMS Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

• Three Questions Every Leader Needs To Ask About AI Cyber Security (forbes.com)

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• Beware – Your Customer Chatbot is Almost Certainly Insecure: Report - Security Week

• Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan

• Consumers continue to overestimate their ability to spot deepfakes - Help Net Security

• CIO’s 2024 Checklist: Generative AI, Digital Transformation And More (forbes.com)

• Are AI and Cyber Security the New Driving Forces Behind Mergers and Acquisitions in the Coming Years? - The Global Treasurer

• Deepfakes Rank As the Second Most Common Cyber Security Incident for US Businesses (darkreading.com)

• Data regulator looking into Microsoft’s AI Recall feature | The Independent

• New Microsoft Recall feature is a 'security nightmare' and could make Copilot+ PCs a top target for cyber criminals | ITPro

• Why We Need to Get a Handle on AI - Security Week

• CISOs pursuing AI readiness should start by updating the org’s email security policy - Help Net Security

• 10 Leadership Challenges For An AI World (forbes.com)

• US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent - Security Week

• User Outcry as Slack Scrapes Customer Data for AI Model Training - Security Week

• Balancing generative AI cyber security risks and rewards | TechTarget

• AI Is The Past, Present And Future Of Cyber Security (forbes.com)

• US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)

• The ‘dead internet theory’ makes eerie claims about an AI-run web. The truth is more sinister (theconversation.com)

• Transparency is sorely lacking amid growing AI interest | ZDNET

• UK Government in £8.5m Bid to Tackle AI Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Microsoft to Mandate Multi-Factor Authentication for All Azure Users (cybersecuritynews.com)

• Here's why you should get a YubiKey (xda-developers.com)

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

Malware

• Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)

• Ukraine blackouts caused by malware attacks warn against evolving cyber security threats to the physical world (techxplore.com)

• 400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)

• Another nasty Mac malware is spoofing legitimate software to target macOS users | TechRadar

• Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)

• What Does Malware Look Like? Check Out These Real-World Examples (pcmag.com)

• Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail (thehackernews.com)

• Dangerous nostalgia: Taking Windows XP online will result in auto-installed viruses in a matter of minutes | TechSpot

• Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)

• MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks (thehackernews.com)

• Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)

• Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)

• New BiBi Wiper version also destroys the disk partition table (bleepingcomputer.com)

• Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth (darkreading.com)

• Malicious actors are cat-phishing targets in order to spread malware | Security Magazine

Mobile

• It is dangerously easy to hack the world’s phones (economist.com)

• How often should you turn off your phone? Here's what the NSA says | PCWorld

• New Android Banking Trojan Mimics Google Play Update App - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)

• US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED

• How to recognise if the security of your work device has been breached (siliconrepublic.com)

• Vultur Malware Mimic As Mobile Antivirus Steals Login Credentials (cybersecuritynews.com)

• ‘Unblockable’ HMRC scam message on iPhones sparks warning (yahoo.com)

• Lookout Threat Research Highlights Growing Mobile Security Risks | Business Wire

Internet of Things – IoT

• Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech | WIRED

Data Breaches/Leaks

• Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News

• PSNI Faces £750,000 Data Breach Fine After Spreadsheet Leak - Infosecurity Magazine (infosecurity-magazine.com)

• NYSE parent fined $10M for breach reporting failure • The Register

• Were The Ashley Madison Hackers Ever Caught? (screenrant.com)

• 2.4 Million Impacted by WebTPA Data Breach - Security Week

• National Records of Scotland reveals its data stolen in 'distressing' NHS health board cyber attack (scotsman.com)

• 49 Million Customers Impacted by API Security Flaw - Security Boulevard

• Army personnel fear for their jobs after huge MoD cyber attack | The Independent

• Criminal record database of millions of Americans dumped online | Malwarebytes

• Optus denies claims of ‘cloaking’ Deloitte cyber attack report findings - Lawyers Weekly

• Record breaking number of data breaches reported | Bailiwick Express

• 400,000 Impacted by CentroMed Data Breach - Security Week

• 55,000 Impacted by Cyber Attack on California School Association  - Security Week

Organised Crime & Criminal Actors

• Were The Ashley Madison Hackers Ever Caught? (screenrant.com)

• HP Catches Cyber Criminals 'Cat-Phishing' Users (darkreading.com)

• Cyber crime on the rise as account takeovers become leading method (investmentnews.com)

• Moroccan cyber crime group impersonates nonprofits and abuses cloud services to rake in gift card cash | CyberScoop

• YouTube has become a significant channel for cyber crime - Help Net Security

• Ransomware innovation slowdown a product of crims' success • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking (thehackernews.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)

• He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED

Insider Risk and Insider Threats

• Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan

• Employee discontent: Insider threat No. 1 | CSO Online

• Can we fix the human error problem in cyber security? (siliconrepublic.com)

Insurance

• Cyber insurance Company Offers MDR to MSPs | MSSP Alert

• Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)

• Cyber insurance trends: reshaping the industry - SiliconANGLE

Supply Chain and Third Parties

• Implementing Third-Party Risk Management Workflows | UpGuard

• Managing third-party risk with cyber security | RSM UK

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

• JAVS courtroom recording software backdoored in supply chain attack (bleepingcomputer.com)

Cloud/SaaS

• Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)

• Veeam 2024 Cloud Protection Trends Report Provides New Insight into Cloud‑Powered Data Protection Strategies | Business Wire

• Security concerns impeding cloud migration | SC Media (scmagazine.com)

• Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

• Cyber Criminals Exploit Cloud Storage For SMS Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Report: Organisations Are Scrambling to Overhaul Their Identity Security Frameworks Amidst Surge in Recent Attacks (globenewswire.com)

• 77 percent of organisations suffer cyber attacks due to identity issues (betanews.com)

Encryption

• Yet more ransomware uses BitLocker to encrypt victims' files • The Register

Linux and Open Source

• The economic model that made the internet, and the hack that almost broke it : Planet Money : NPR

• 400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)

• Are all Linux vendor kernels insecure? A new study says yes, but there's a fix | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

• Cyber crime on the rise as account takeovers become leading method (investmentnews.com)

Social Media

• YouTube has become a significant channel for cyber crime - Help Net Security

• How Secure Is The Metaverse? (A Look At Cyber Threats And Defences) (forbes.com)

• Russia’s DoppelGänger Campaign Manipulates Social Media - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)

• The mystery of the targeted ad and the library patron • The Register

• Windows admins targeted with clever malvertising scam | TechRadar

Training, Education and Awareness

• Three Psychological Theories to Ensure Cyber Security Training Sticks - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• PSNI Faces £750,000 Data Breach Fine After Spreadsheet Leak - Infosecurity Magazine (infosecurity-magazine.com)

• NYSE parent fined $10M for breach reporting failure • The Register

• Intercontinental Exchange Will Pay $10 Million to Resolve SEC Cyber Probe (wsj.com)

• UK considering mandatory reporting for ransomware attacks (computing.co.uk)

• How to stay on top of evolving cyber security legislation | RSM UK

• SEC requires financial institutions to notify customers of breaches within 30 days - Help Net Security

• Security Compliance 101: What It Is and How to Master It - Security Boulevard

• Singapore updates cyber security law to expand regulatory oversight | ZDNET

• Avoiding Cyber Security Incident Overdisclosure:  Helpful Guidance | Mayer Brown Free Writings + Perspectives - JDSupra

• Counting Down to the EU NIS2 Directive - Security Boulevard

• The Dawn of DORA: Building a Resilient Financial Infrastructure (finextra.com)

• What American Enterprises Can Learn From Europe's GDPR Mistakes (darkreading.com)

• Preparing Your Organisation for Upcoming Cyber Security Deadlines (darkreading.com)

Backup and Recovery

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

Data Protection

• 87% of medical practice data is digital | Security Magazine

Careers, Working in Cyber and Information Security

• The IT skills shortage situation is not expected to get any better - Help Net Security

• UK Government ramps up efforts to bridge cyber security skills gap (holyrood.com)

• IT Essentials: Sun, stress and security (computing.co.uk)

• Persistent Burnout Is Still a Crisis in Cyber Security (darkreading.com)

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

Law Enforcement Action and Take Downs

• Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Police caught circumventing city bans on face recognition • The Register

• 10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire

• LockBit takedown taking toll as gang plummets down rankings • The Register

• He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED

• Casino cyber attacks put a bullseye on Scattered Spider • The Register

• First LockBit, now BreachForums: Are cops winning the war? • The Register

• No time to take eye of the ball despite recent cyber success – report (emergingrisks.co.uk)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World War War III May Already Have Started—in the Shadows (reason.com)

• Britons should have three days' worth of tinned food and water, government says | Politics News | Sky News

• The Balance of Power in Cyber Space – What it Means for UK Business - British Foreign Policy Group (bfpg.co.uk)

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

Nation State Actors

China

• The Security Interviews: What is the real cyber threat from China? | Computer Weekly

• UK not heeding warning over China threat, says ex-cyber security chief (yahoo.com)

• Newly Detected Chinese Group Targeting Military, Government Entities - Security Week

• Escalating Chinese cyber threats drive US efforts to secure critical infrastructure | SC Media (scmagazine.com)

• Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed (thehackernews.com)

• Spies, trade and tech: China’s relationship with Britain (economist.com)

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Google, Meta warned that undersea internet cables at risk for Chinese espionage: report (nypost.com)

• UK military in data breach - and other cyber security news | World Economic Forum (weforum.org)

• Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (thehackernews.com)

• Active Chinese Cyberespionage Campaign Rifling Email Servers (inforisktoday.com)

• State hackers turn to massive ORB proxy networks to evade detection (bleepingcomputer.com)

• New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts (thehackernews.com)

• Stronger critical infrastructure defence aimed by Army Cyber Command | SC Media (scmagazine.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Former Royal Marine charged with spying for China found dead (thetimes.co.uk)

Russia

• Ukraine blackouts caused by malware attacks warn against evolving cyber security threats to the physical world (techxplore.com)

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Russia’s DoppelGänger Campaign Manipulates Social Media - Infosecurity Magazine (infosecurity-magazine.com)

• US says Russia likely launched space weapon - BBC News

• New Star Wars Plan: Pentagon Rushes to Counter Threats in Orbit - The New York Times

• British man, 64, charged with assisting Russian intelligence service | The Independent

Iran

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (thehackernews.com)

North Korea

• North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)

• US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED

• North Korea-linked IT workers infiltrated hundreds of US firms (securityaffairs.com)

• High-ranking military officials' e-mail hacked, possibly by N. Korea (koreaherald.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

• Government tells Britons to stockpile as part of emergency planning

• Spyware found on US hotel check-in computers | TechCrunch

Vulnerability Management

• New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs (thehackernews.com)

• Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know | SC Media (scmagazine.com)

• Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine (infosecurity-magazine.com)

• 93% of vulnerabilities unanalysed by NVD since February | TechTarget

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

• How AI-driven patching could transform cyber security | TechTarget

Vulnerabilities

• Microsoft Edge gets fixes for five more security vulnerabilities - Neowin

• Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)

• Veeam warns of critical Backup Enterprise Manager auth bypass bug (bleepingcomputer.com)

• Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days (darkreading.com)

• Critical Flaw in AI Python Package Can Lead to System and Data Compromise - Security Week

• This devious Wi-Fi security flaw could let hackers eavesdrop on your network with ease | TechRadar

• Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)

• Intel's Max Severity Flaw Affects AI Model Compressor Users (govinfosecurity.com)

• 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) - Help Net Security

• Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)

• Chrome 125 Update Patches High-Severity Vulnerabilities - Security Week

• Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager - Security Week

• Unauthenticated RCE Vulnerability in Fortinet FortiSIEM: PoC Published (cybersecuritynews.com)

• Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)

• VMware Abused in Recent MITRE Hack for Persistence, Evasion - Security Week

• High-severity GitLab flaw lets attackers take over accounts (bleepingcomputer.com)

• CISA Warns of Actively Exploited Apache Flink Security Vulnerability (thehackernews.com)

Tools and Controls

• Network Outages Hit 59% of Multi-Site Businesses Monthly - Infosecurity Magazine (infosecurity-magazine.com)

• New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine

• Ransomware and AI-Powered Hacks Drive Cyber Investment - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft to Mandate Multi-Factor Authentication for All Azure Users (cybersecuritynews.com)

• What is a Third-Party Risk Assessment in Cyber Security? | UpGuard

• Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)

• The Critical Role Of Web Filtering To Secure A Modern Workplace (forbes.com)

• We put too much faith in our web browsers, here's why we shouldn't (xda-developers.com)

• Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defences (thehackernews.com)

• Google says Microsoft can’t be trusted after email security blunders | ITPro

• CISOs pursuing AI readiness should start by updating the org’s email security policy - Help Net Security

• Fighting identity fraud? Here's why we need better tech - Help Net Security

• Report: Organisations Are Scrambling to Overhaul Their Identity Security Frameworks Amidst Surge in Recent Attacks (globenewswire.com)

• 77 percent of organisations suffer cyber attacks due to identity issues (betanews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• Microsoft's latest Windows 11 security features aim to make it 'more secure out of the box' | ZDNET

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

• Cyber insurance trends: reshaping the industry - SiliconANGLE

• The Evolution of Security Operations Centres in the Past Decade | Information Security Buzz

• Incident response: a useful guide - Tech Monitor

• Here's why you should get a YubiKey (xda-developers.com)

• Mastercard Doubles Speed of Fraud Detection with Generative AI - Infosecurity Magazine (infosecurity-magazine.com)

• When to Automate and When Not to Automate Security - Security Boulevard

• Critical Capabilities of Cyber Security Risk Assessment Tools (cybersaint.io)

• How AI-driven patching could transform cyber security | TechTarget

Reports Published in the Last Week

• 2024 Cloud Protection Trends (veeam.com)

• Arctic Wolf Labs 2024 Threat Report | Arctic Wolf

• Q1 2024 Global Phishing Report (knowbe4.com)

• 2024 Cyber Threat Report | Huntress

• 2024 Q1 Mobile Landscape Threat Report (lookout.com)

• State of Cyber Security Trends Report 2024 | Ivanti

Other News

• Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News

• 15 companies account for 62% of global attack surface | Security Magazine

• Google Deletes $125 Billion UniSuper Pension Fund Account; Impacts Over Half a Million Australians - Goodreturns

• Cyber attacks are soaring—treat them as an 'act of war', health care exec warns | Fortune Well

• If the Lights Went Out: Exploring a Power Grid Failure (greydynamics.com)

• Wars in Ukraine and Gaza raise UK infrastructure cyber threat level | New Civil Engineer

• Malware power threat real and growing – researchers (emergingrisks.co.uk)

• Microsoft’s President to Testify to House Panel on Cyber Security (bloomberglaw.com)

• Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search (bleepingcomputer.com)

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

• Why cyber security is front and centre for rail - Railway Technology (railway-technology.com)

• Mitigating cyber security risks in the technology sector | TechRadar

• New EU tool to counter hybrid threats - Ministry of Foreign Affairs Republic of Poland - Gov.pl website (www.gov.pl)

• Cyber attacks on construction firms jump, new report finds | News | Building

• FUD: How Fear, Uncertainty, and Doubt can ruin your security program - Security Boulevard

• Cyber Security in the legal sector | Law Gazette

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance

• Treat cyber risk like financial or legal issue, says UK government | Computer Weekly

• New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda - Infosecurity Magazine (infosecurity-magazine.com)

• Business leaders urged to toughen up cyber attack protections - GOV.UK (www.gov.uk)

• Organisations face devastating financial consequences from cyber attacks (betanews.com)

• Cyber attacks more than doubled in 2023, so why are so many firms still not taking security seriously? | ITPro

• Cyber Security Attack Attempts More Than Doubled, Increasing 104% in 2023 | Business Wire

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• The growing role of CISOs in cyber security governance - APDR (asiapacificdefencereporter.com)

• Boardroom cyber expertise comes under scrutiny (securityintelligence.com)

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• 10 must-have security tips for digital nomads | Computerworld

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• The cost of cyber crime to reach over $12tn by 2025

• Why cyber attacks mustn’t be kept secret - Help Net Security

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• The best cyber defence needs more than tech - eCampus News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks break records in 2023: the number of victims rose by 128% (securityaffairs.com)

• Impact of Ransomware attacks take mental health toll on small business owners, report says (therecord.media)

• UK Intelligence Fears AI Will Fuel Ransomware, Exacerbate Cyber Crime (pcmag.com)

• Britons must 'strengthen defences' against growing threat of AI-assisted ransomware, cyber security chief warns | UK News | Sky News

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Ransomware recovery – the need for speed | TechRadar

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• UK gov tells SMBs to get better at protecting themselves from cyber attacks | TechRadar

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• Kasseika ransomware uses antivirus driver to kill other antiviruses (bleepingcomputer.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Organisations invest more in data protection but recover less - Help Net Security

• Evolving BianLian ransomware attack strategies detailed | SC Media (scmagazine.com)

• Hackers target TeamViewer to try and get access to your company's network | TechRadar

• Ransomware Victims

• Major US, UK Water Companies Hit by Ransomware - SecurityWeek

• Sweden’s Riksbank Turns to Police as Cyber Attack Hits IT Firm - BNN Bloomberg

• Owner of The North Face, Supreme, Vans, Reports Breach Affecting 35M Users (pcmag.com)

• Primary Health & Wellness Center, LLC’s public notice of ransomware incident (databreaches.net)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• LockBit gang claims the attack on the sandwich chain Subway (securityaffairs.com)

• loanDepot says ransomware gang stole data of 16.6 million people (bleepingcomputer.com)

• Aviation Leasing Giant AerCap Hit by Ransomware Attack - SecurityWeek

• Global fintech firm EquiLend offline after recent cyber attack (bleepingcomputer.com)

• Ransomware Group Offers Hacked Serbian Electricity Provider's Data For Download (rferl.org)

• Cyber attack in Merseyside as 'immediate steps taken' (msn.com)

• Housing association confirms 'cyber security incident' but can't confirm if tenants' data was lost | Shropshire Star

Phishing & Email Based Attacks

• Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks | ITPro

• 81 percent of security pros say phishing is the top threat (betanews.com)

• Browser Phishing Threats Grew 198% Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• Organisations need to switch gears in their approach to email security - Help Net Security

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers breached Microsoft, HPE corporate maliboxes - Help Net Security

• Don’t Take The Bait: How To Prevent A Phishing Attack | Kohrman Jackson & Krantz LLP - JDSupra

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

• Is This a Phishing Email? 8 Warning Signs to Look Out For

• PHP-less phishing kits that can run on any website | Netcraft

• New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023 | Business Wire

Artificial Intelligence

• AI Will ‘Almost Certainly’ Turbocharge Cyber attacks, UK Warns - The Messenger

• The near-term impact of AI on the cyber threat - NCSC.GOV.UK

• NCSC: AI to boost nation-states’ malware potency • The Register

• AI’s Efficacy is Limitless in Cyber Crime | MSSP Alert

• Top 4 LLM threats to the enterprise | CSO Online

• The rise of cyber extortion and 'Hacktivism' - Verdict

• Battling Misinformation During Election Season (darkreading.com)

• Unmasking Deceptive Behaviour: Risks and Challenges in Large Language Models (azoai.com)

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Researchers Map AI Threat Landscape, Risks (darkreading.com)

• Misinformation and irresponsible AI: Experts forecast how technology may shape our near future (techxplore.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• More than 1 in 4 Organisations Banned Use of GenAI Over Privacy and Data Security Risks - New Cisco Study (prnewswire.com)

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

Malware

• NCSC: AI to boost nation-states’ malware potency • The Register

• MacOS devices are being targeted by pirated apps that want to hijack your machine | TechRadar

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware (thehackernews.com)

• 'Inhospitality' malspam campaign targets hotel industry | SC Media (scmagazine.com)

• Blackwood APT delivers malware by hijacking legitimate software update requests - Help Net Security

• SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks (thehackernews.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Mobile

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• iPhone, Android Ambient Light Sensors Allow Stealthy Spying (darkreading.com)

• New method to safeguard against mobile account takeovers - Help Net Security

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Zero-Click Bluetooth Attack: A Growing Threat for Unpatched Android Phones - gHacks Tech News

Denial of Service/DoS/DDOS

• Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS pressure (therecord.media)

Internet of Things – IoT

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Data Breaches/Leaks

• Historic data leak reveals 26 billion records: check what's exposed (securityaffairs.com)

• Data of 15 million Trello users scraped and offered for sale - Help Net Security

• Personal details of 6,000 people leaked in Greater Manchester council data breach (msn.com)

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Healthtech firm's cyber attack victim list keeps growing - Digital Journal

• VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million - SecurityWeek

• Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches (claimsjournal.com)

• loanDepot cyber attack causes data breach for 16.6 million people (bleepingcomputer.com)

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• The growing threat of data breaches in the age of AI and data privacy | TechRadar

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe data breach: Hackers stole raw genotype data, health reports (bleepingcomputer.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

Organised Crime & Criminal Actors

• Winter is coming and so are the hackers (betanews.com)

• Grooming, radicalization and cyber attacks: INTERPOL warns of ‘Metacrime’

• Bulletproof Hosting: A Critical Cyber Criminal Service | Intel471

• 'VexTrio' TDS: The Biggest Cyber Crime Operation on the Web? (darkreading.com)

• The cost of cyber crime to reach over $12tn by 2025

• Researchers link 3AM ransomware to Conti, Royal cyber crime gangs (bleepingcomputer.com)

• ChatGPT Cyber Crime Surge Revealed in 3000 Dark Web Posts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• The sophistication of cyber criminals intensifies with emerging strategies for cashing in or causing chaos - IT Security Guru

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber criminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated (therecord.media)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• Trezor reveals 66,000 users could face phishing attack (coinjournal.net)

Insider Risk and Insider Threats

• Majority of companies not prepared for insider threats (betanews.com)

• Amid Rising Insider Threats, Most Companies are Vulnerable and Lack the Strategies to Protect Themselves, New Research Finds | Business Wire

• Fighting insider threats is tricky but essential work - Help Net Security

Insurance

• Insurance industry responds to evolving risks with innovation and collaboration: Allianz - Reinsurance News

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

Supply Chain and Third Parties

• Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures (darkreading.com)

• From vulnerability to vigilance: strategies for ensuring supply chain security (techuk.org)

• Bolstering global supply chains: Enhancing resilience, digital logistics, and national security harmony (techuk.org)

• Supply chain security: Responding to emerging cyber threats (techuk.org)

• CISOs' role in identifying tech components and managing supply chains - Help Net Security

• Rethinking supply chain resilience as cyber attacks get more disruptive (techuk.org)

Cloud/SaaS

• On premises vs. cloud pros and cons, key differences | TechTarget

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Identity and Access Management

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

Encryption

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Passwords, Credential Stuffing & Brute Force Attacks

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• There's no excuse for having a weak password in 2024

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Jason’s Deli says customer data exposed in credential stuffing attack (bleepingcomputer.com)

• 88% of organisations use passwords as primary authentication method | Security Magazine

• The biggest cloud security risk in 2024 will be stolen and exposed credentials | ITPro

Social Media

• Meta won't remove fake Instagram profiles that are clearly catfishing (bleepingcomputer.com)

• Watch out for "I can't believe he is gone" Facebook phishing posts (bleepingcomputer.com)

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

Malvertising

• Intro to Digital Fingerprints: Understanding, Manipulating, and Defending Against Online Tracking | HackerNoon

• Google Updates Chrome's Incognito Warning to Admit It Tracks Users in ‘Private’ Mode | WIRED

• Cryptographers Are Getting Closer to Enabling Fully Private Internet Searches | WIRED

Regulations, Fines and Legislation

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Without clear guidance, SEC’s new rule on incident reporting may be detrimental - Help Net Security

• SEC confirms X account was hacked in SIM swapping attack (bleepingcomputer.com)

• Navigating The 'Fog Of A Cyber Attack' (forbes.com)

• US regulator admits cyber security lapse before rogue Bitcoin post - BBC News

• The CISO Role Undergoes a Major Evolution (darkreading.com)

• Coventry school reprimanded for data breach after IT system 'hacked three times' - CoventryLive (coventrytelegraph.net)

• Countdown for businesses to comply with leaked EU AI Act draft begins | Biometric Update

Models, Frameworks and Standards

• “It is a whole new bar”: Months left to prepare for new EU cyber security rules - The Currency :The Currency

• Prioritising CIS Controls for effective cyber security across organisations - Help Net Security

Careers, Working in Cyber and Information Security

• Top 3 Priorities for CISOs in 2024 (darkreading.com)

• CISOs Struggle for C-Suite Status Even as Expectations Skyrocket (darkreading.com)

• Why we need more continuous hands-on training and fewer cyber security certifications | SC Media (scmagazine.com)

Law Enforcement Action and Take Downs

• BreachForums hacking forum admin sentenced to 20 years supervised release (bleepingcomputer.com)

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users - SecurityWeek

• Secret Service to revive the Cyber Investigations Advisory Board | CyberScoop

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

Misinformation, Disinformation and Propaganda

• Battling Misinformation During Election Season (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• NCSC: AI to boost nation-states’ malware potency • The Register

China

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• The small print leaving UK plc exposed to ‘nuclear level’ cyber attacks (telegraph.co.uk)

• Michael Rogers on China's Cyber Threat - The Wire China

• China’s feared spy agency steps out of the shadows

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

Russia

• Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (thehackernews.com)

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Microsoft Says Russians Hacked It to Find Information About Themselves (businessinsider.com)

• Sneak-and-peek Midnight Blizzard attack highlights “worrying flaws” in Microsoft security processes | ITPro

• Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs (thehackernews.com)

• HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft (engadget.com)

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months - SecurityWeek

• Russian hackers shift to new malware tactics, Google says (siliconrepublic.com)

• Massive cyber attack targets Ukrainian online bank (kyivindependent.com)

• Learning From Ukraine's Pioneering Approaches to Cyber Security (darkreading.com)

• Cyber criminal malice shifts away from Russia and Ukraine | Insurance Times

• Ukrainian energy giant, postal service, transportation agencies hit by cyber attacks (therecord.media)

• Ukraine’s Largest Gas and Oil Company Under Cyber Attack (kyivpost.com)

• Ukrainian Security Service Nabs Russian Hacker Planning Cyber Attacks on Government Websites - Militarnyi

• Medibank hack: Russian sanctioned over Australia's worst data breach - BBC News

• Hundreds of Russian sites breached by Ukrainian hackers | SC Media (scmagazine.com)

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organisations (securityaffairs.com)

• Apple Pays $13 Million Russian Fine, Goes Directly Into Federal Budget (businessinsider.com)

Iran

• Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers (darkreading.com)

• With Iran's cyber attacks on rise since Gaza war, Israel looks to private industry - Al-Monitor: Independent, trusted coverage of the Middle East

North Korea

• North Korea's ScarCruft Attackers Gear Up to Target Cyber Security Pros (darkreading.com)

Vulnerability Management

• 45% of critical CVEs left unpatched in 2023 - Help Net Security

• Patch management: Why firms ignore vulnerabilities at their own risk | ITPro

• What Is Vulnerability Management? Definition, Process Steps, Benefits and More - Security Boulevard

• Security vendors are accused of bending CVE assignment rules • The Register

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The effect of omission bias on vulnerability management - Help Net Security

• 52% of Serious Vulnerabilities We Find are Related to Windows 10 (thehackernews.com)

Vulnerabilities

• Cisco warns of critical RCE flaw in communications software (bleepingcomputer.com)

• CISA emergency directive: Mitigate Ivanti zero-days immediately (bleepingcomputer.com)

• Third Ivanti Vulnerability Exploited in the Wild, CISA Reports (darkreading.com)

• Ivanti: VPN appliances vulnerable if pushing configs after mitigation (bleepingcomputer.com)

• Chrome 121 ships with security updates and new AI tools - gHacks Tech News

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now (thehackernews.com)

• Accepting a calendar invite in Outlook could leak your password | SC Media (scmagazine.com)

• Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure - SecurityWeek

• Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 - SecurityWeek

• Critical Vulnerabilities Found in Open Source AI/ML Platforms - SecurityWeek

• Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell (securityaffairs.com)

• Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices (cybersecuritynews.com)

• High-Severity Vulnerability Patched in Splunk Enterprise - SecurityWeek

• Patch Your Fortra GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin (thehackernews.com)

• Millions at Risk As 'Parrot' Web Server Compromises Take Flight (darkreading.com)

• Security vendors are accused of bending CVE assignment rules • The Register

• Mozilla Releases Security Updates for Thunderbird and Firefox | CISA

• 5379 GitLab servers vulnerable to zero-click account takeover attacks (securityaffairs.com)

• Hackers target WordPress database plugin active on 1 million sites (bleepingcomputer.com)

Tools and Controls

• Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call - Security Boulevard

• Ransomware recovery – the need for speed | TechRadar

• Resilience: The New Priority for Your Security Model (inforisktoday.com)

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Password Manager Statistics 2024 (coolest-gadgets.com)

• How to Shine in Your Next Cyber Security Audit - Security Boulevard

• AI-driven cyber attacks and defences to create a battle of algorithms in 2024 (securitybrief.co.nz)

• Business continuity vs. disaster recovery vs. incident response | TechTarget

• Why resilience leaders must prepare for polycrises - Help Net Security

• Court charges dev with hacking after cyber security issue disclosure (bleepingcomputer.com)

• German IT Consultant Fined Thousands for Reporting Security Failing (darkreading.com)

• The 9 best incident response metrics and how to use them | TechTarget

• The Cyber Security Horizon: AI, Resilience and Collaboration in 2024 - Security Boulevard

• We Must Consider Software Developers a Key Part of the Cyber Security Workforce | CISA

• Cyber Insurance Industry Suggests Cyber Security Best Practices (networkcomputing.com)

• Emerging trends and strategies in digital forensics - Help Net Security

• Cyber Security Risk Management: Frameworks, Plans, & Best Practices - Security Boulevard

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• HP CEO justifies blocking third-party ink cartridges by claiming they can inject malware | Tom's Hardware (tomshardware.com)

Reports Published in the Last Week

• Cloudflare Releases 2024 API Security and Management Report (infoq.com)

• The 2024 Specops Breached Password Report Reveals Two Million Compromised Cloud Credentials Used ‘123456’ as Password | Business Wire

• Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyber attacks (prnewswire.com)

Other News

• With so much data at hand, should cyber defences be more effective? | TechRadar

• Threat actors are exploiting web applications - Security Boulevard

• Public Sector Cyber Attacks Rise By 40% in 2023 - IT Security Guru

• Cyber Security Challenges at the World Economic Forum (govtech.com)

• Much-Needed Cyber Security Help for Hospitals May Have Strings Attached | Corporate Counsel (law.com)

• The Threat Landscape Is Always Changing: What to Expect in 2024  | Proofpoint US

• What is Lateral Movement in Cyber Security? - Security Boulevard

• Cyber Security and Trends in 2024 Based on WEF 2024 Outcomes | HackerNoon

• IT and Security Teams Increasingly United in Battle Against Sophisticated Cyberthreats, Research Finds (prnewswire.com)

• US suffered cyber attacks from 168 threat actors in 2023 | Security Magazine

• US continues to be leading cyber threat target | SC Media (scmagazine.com)

• Rise in cyber crime attacks against Industrial IoT sparks alarm (securitybrief.co.nz)

• Offshore wind farms are vulnerable to cyber attacks, study shows (techxplore.com)

• Government Security Vulnerabilities Surge By 151%, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Governance, Risk and Compliance

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Boards Still Lack Cyber Security Expertise - WSJ

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• It's time to safeguard the financial sector: Navigate employee turnover to defend against escalating cyber attacks (betanews.com)

• Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• Cover-ups still the norm in the wake of a cyber incident | Computer Weekly

• Many firms aren't reporting breaches to the proper authorities | TechRadar

• Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs are struggling to get cyber security budgets: Report | CSO Online

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

• The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Essential guide to cyber security compliance | Intruder

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week

• Financial crime compliance costs exceed $206 billion - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware soars as enterprises struggle to respond - Verdict

• Ransomware groups are once again targeting smaller businesses for more lucrative payouts - TechCentral.ie

• Ransomware groups are shifting their focus away from larger targets - Help Net Security

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert

• ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• Current ransomware defencs efforts are not working - Help Net Security

• VMware users anxious about costs and ransomware threats - Help Net Security

• MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

• Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)

• Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)

• Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times

• Ransomware a threat to the trucking industry - FreightWaves

Ransomware Victims

• Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)

• Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web - The Globe and Mail

• City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack. (securityaffairs.com)

• Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com

• UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)

• Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars (securityaffairs.com)

• Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)

Phishing & Email Based Attacks

• This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar

• Booking.com Customers Targeted in Major Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Use of QR codes in email phishing | Securelist

• How Does Modern Phishing Work? | HackerNoon

• New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)

• Hackers Trick Outlook Into Showing Fake AV Scan | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

BEC – Business Email Compromise

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Rise in cyber criminals leveraging voice phishing and OTP theft for data breaches: Report | Tech News (hindustantimes.com)

Artificial Intelligence

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• No 10 worried AI could be used to create advanced weapons that escape human control | Artificial intelligence (AI) | The Guardian

• The Biggest AI Trends in Cyber Security - CNET

• Google is working to keep Bard chats out of Search • The Register

• Nuclear Brinkmanship in AI-Enabled Warfare: A Dangerous Algorithmic Game of Chicken - War on the Rocks

• New working group to probe AI risks and applications | CyberScoop

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• How should organisations navigate the risks and opportunities of AI? - Help Net Security

Malware

• Malware attacks on SMEs surged in H1 | Inquirer Business

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• 'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)

• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• A powerful new malware backdoor is targeting governments across the world | TechRadar

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• ZenRAT Malware Uncovered in Bitwarden Impersonation - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)

• Dangerous XenomorphAndroid malware is stealing from 100 banking apps — protect yourself now | Tom's Guide (tomsguide.com)

• Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

Botnets

• Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Denial of Service/DoS/DDOS

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Internet of Things – IoT

• If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

Data Breaches/Leaks

• Billions of usernames and passwords leaked online — how to see if you’re affected | Tom's Guide (tomsguide.com)

• ICO sees breach reports from FS firms triple - CIR Magazine

• UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine

• Reported cyber security breaches increase threefold for financial services firms (cityam.com)

• British charities warn supporters their personal data has been breached • Graham Cluley

• Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)

• National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)

• BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

• Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online

Organised Crime & Criminal Actors

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• NFT Hype Collapse Means 95% of The Digital Assets Are Now 'Worthless' | Tom's Hardware (tomshardware.com)

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Insider Risk and Insider Threats

• 75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

Fraud, Scams & Financial Crime

• Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)

• Beware: fraud and smishing scams targeting students | Bournemouth University

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Fraud prevention forces scammers to up their game - Help Net Security

• Why young people are more prone to online scams than boomers are (news5cleveland.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher warns of chilling effect after feds search phone at airport | TechCrunch

AML/CFT/Sanctions

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Financial crime compliance costs exceed $206 billion - Help Net Security

Insurance

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

Dark Web

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 3 phases of the third-party risk management lifecycle | TechTarget

Cloud/SaaS

• Guide: SaaS Offboarding Checklist - Help Net Security

Containers

• Kubernetes attacks in 2023: What it means for the future - Help Net Security

Encryption

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt

Open Source

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)

• Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)

Biometrics

• The multi-national push to ban facial recognition in public spaces | Biometric Update

Social Media

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Malvertising

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

Training, Education and Awareness

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

Travel

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Are we about to lose the last pillar of our digital security? | Euronews

• New working group to probe AI risks and applications | CyberScoop

• SEC Gives Finality on Cyber Security Disclosures for Public Companies | Sheppard Mullin Richter & Hampton LLP - JDSupra

• Why California's Delete Act matters for the whole country - Help Net Security

• Financial crime compliance costs exceed $206 billion - Help Net Security

Models, Frameworks and Standards

• MITRE ATT&CK project leader on why the framework remains vital for cyber security pros - Help Net Security

• Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)

• Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week

Careers, Working in Cyber and Information Security

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Demand for cyber security staff trebled since 2019 | Business Post

• Cyber security and staffing issues key risks for companies | Accountancy Daily

• Cyber security skills employers are desperate to find in 2023 - Help Net Security

• Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)

Law Enforcement Action and Take Downs

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• Western District of Washington | French cyber criminal pleads guilty to fraud and aggravated identity theft for hacking private information | United States Department of Justice

Misinformation, Disinformation and Propaganda

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)

• Russian hacking operations target Ukrainian law enforcement | CyberScoop

• Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet - Infosecurity Magazine (infosecurity-magazine.com)

• Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)

• Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)

• Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News

• Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (ukrinform.net)

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Examining the Activities of the Turla APT Group (trendmicro.com)

• Scottish Tory MSP has website hacked by 'hostile Russian group' | The National

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

• Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times

China

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• Chinese hackers stole 60,000 emails from US State Department in Microsoft hack, Senate staffer says (databreaches.net)

• Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week

• Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org | Symantec Enterprise Blogs (security.com)

• China’s national security minister lists top digital threats • The Register

Misc Nation State/Cyber Warfare

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Sophisticated APT Clusters Target Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Another Chrome security issue is exploited in the wild (and affecting all Chromium-based browsers) - gHacks Tech News

• Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)

• Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week

• Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)

• High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)

• GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica

• Firefox 118 Patches High-Severity Vulnerabilities - Security Week

• Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• macOS 14 Sonoma Patches 60 Vulnerabilities - Security Week

Tools and Controls

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

• The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld

• The Biggest AI Trends in Cyber Security - CNET

• How SOAR helps improve MTTD and MTTR metrics | TechTarget

• What Is a Network Security Assessment and Why You Need It | MSSP Alert

• Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)

• The pitfalls of neglecting security ownership at the design stage - Help Net Security

• Guide: SaaS Offboarding Checklist - Help Net Security

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)

• The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies (thehackernews.com)

• Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek

• Cyber security budgets show moderate growth - Help Net Security

• Evaluating Security Outsourcing in the Wake of Recent High-Profile Cyber Attacks: Info-Tech Research Group Publishes New Resource (prnewswire.com)

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

Other News

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET

• Why aviation needs to prioritise cyber security – Airport World (airport-world.com)

• The key threats facing ICS/OT environments (betanews.com)

• Are Fire Departments Prepared for a Cyber Attack? | HackerNoon

• Fintechs must brace for rising cyber security challenges | Mint (livemint.com)

• Space Force chief says commercial satellites may need defending | Ars Technica

• UK Cyber Security Council CEO reflects on a year of progress | CSO Online

• Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)

• Cyber Hygiene: A First Line of  Against Evolving Cyber Attacks (darkreading.com)

• Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)

• KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)

• US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek

• Recommendations for Managing Cyber Security Threats in the Manufacturing Sector | Foley & Lardner LLP - JDSupra

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]

Governance, Risk and Compliance

• More UK companies failing to tackle cyber security, reveals new report - The Intermediary - Latest UK mortgage news

• Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Why Data Theft Is Now The #1 Cyber Security Threat Keeping IT Pros Awake At Night (informationsecuritybuzz.com)

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• Global companies to hike security spending as threats rise - survey | Reuters

• CISOs need to be forceful to gain leverage in the boardroom - Help Net Security

• Board Members Struggling to Understand Cyber Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Board And CISO Disconnect On Cyber Security Preparedness 'Rings Alarm Bells'– Expert Comments (informationsecuritybuzz.com)

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security

• CISOs and Board Reporting – an Ongoing Problem - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)

• Ransomware and the cyber crime ecosystem - NCSC.GOV.UK

• Ransomware in top three threats for 65% of organisations | Security Magazine

• The 10 biggest ransomware attacks in history | TechTarget

• Sophos on the State of Ransomware - GovInfoSecurity

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

• Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)

Ransomware Victims

• Greater Manchester Police officers' details targeted in 'ransomware attack' | Breaking News News | Sky News

• A phone call to helpdesk was likely all it took to hack MGM | Ars Technica

• MGM Resorts cyber attack: Casinos warned to be on 'high alert' as £11bn firm remains crippled | Science & Tech News | Sky News

• MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)

• Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN

• Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• IT Systems Encrypted After UK School Hit By Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data - Infosecurity Magazine (infosecurity-magazine.com)

• Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)

• Ransomware crew claims to have hit Save The Children • The Register

• Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters

• Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com

• Cyber security incident affects services at The Weather Network | CFJC Today Kamloops

Phishing & Email Based Attacks

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• Journalists, authors, and other writers targeted by phishing emails | TechRadar

• Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• How should SMBs navigate the phishing minefield? - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Understanding the dangers of social engineering - Help Net Security

• How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)

Artificial Intelligence

• Cyber Criminals Feasting On Artificial Intelligence (forbes.com)

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud security in the era of artificial intelligence (securityintelligence.com)

• Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE

2FA/MFA

• Organisation Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

Malware

• Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Intel-based Macs under attack from new MetaStealer malware — how to stay safe | Tom's Guide (tomsguide.com)

• Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)

• 3 Strategies to Defend Against Resurging Infostealers (darkreading.com)

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• 'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)

• Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)

• Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com

• Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek

Mobile

• 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)

• France halts iPhone 12 sales over radiation levels - BBC News

Denial of Service/DoS/DDOS

• Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)

• Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News

Internet of Things – IoT

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Hackers Are Salivating Over Electric Cars - The Atlantic

• Hackers will hack anything — including your sex toys - The Hustle

Data Breaches/Leaks

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra

• Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)

• Lessons from the DuoLingo data breach – Digital Journal

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• Airbus data leaked via infected customer computer • The Register

• Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Organised Crime & Criminal Actors

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Europol: Financial Crime Makes “Billions” and Impacts “Million" - Infosecurity Magazine (infosecurity-magazine.com)

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life | Financial Times (ft.com)

• Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)

• Ransomware in the underworld. (thecyberwire.com)

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks (thehackernews.com)

• Top blockchain Cyber security threats to watch out for (att.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

• Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

Insider Risk and Insider Threats

• Human behaviour as both threat and defence | Professional Security

Fraud, Scams & Financial Crime

• Latest fraud schemes targeting the payments ecosystem - Help Net Security

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

• Glasgow firm issues warning following recent cyber attack | Glasgow Times

Impersonation Attacks

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Deepfakes

• Deepfake cyber threats keep rising. Here's how to prevent them - SiliconANGLE

AML/CFT/Sanctions

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

Insurance

• Insurance industry grapples with rising cyber crime threat, climate change concerns: PwC - Reinsurance News

• Cyber security is top insurance concern as global attacks increase - Insurance Post (postonline.co.uk)

Dark Web

• Dark Web Threats to Businesses - DevX

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

Supply Chain and Third Parties

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• The rise and evolution of supply chain attacks - Help Net Security

• A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)

Cloud/SaaS

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Finding Your Way in Cloud Security - SecurityWeek

• 7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)

• Cloud storage security: What's new in the threat matrix | Microsoft Security Blog

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

• Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget

• Cloud security in the era of artificial intelligence (securityintelligence.com)

Containers

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

Identity and Access Management

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Encryption

• OpenSSL 1.1.1 reaches end of life... unless you can pay up • The Register

• When a Quantum Computer Is Able to Break Our Encryption, It Won’t Be a Secret | Lawfare (lawfaremedia.org)

API

• API Expanding Attack Surfaces: 74% Reporting Multiple Breaches – Approov Comments (informationsecuritybuzz.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating API security to reinforce cyber defence - Help Net Security

• Machine Learning is a Must for API Security - IT Security Guru

Open Source

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)

Passwords, Credential Stuffing & Brute Force Attacks

• If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)

• Wi-Fi radio signal data can be used 'to predict passwords' • The Register

• Cloud credentials are the hot ticket item on the dark web • The Register

• Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)

Social Media

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

Training, Education and Awareness

• How to Transform Security Awareness Into Security Culture (darkreading.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)

• Great security training is a real challenge - Help Net Security

Digital Transformation

• Was the digital transformation worth it security-wise? (securityintelligence.com)

Parental Controls and Child Safety

• Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security- IT Security Guru

• Parents, children and cyber security: Time for a big conversation – Digital Journal

Cyber Bullying, Cyber Stalking and Sextortion

• How To Answer The General Counsel’s Questions After A Cyber Incident (forbes.com)

Regulations, Fines and Legislation

• SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra

• Cyber risk is business risk, and the SEC knows it (fdd.org)

• What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra

• The International Criminal Court will now prosecute cyberwar crimes | Ars Technica

• Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence - Infosecurity Magazine (infosecurity-magazine.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Models, Frameworks and Standards

• Understanding the HITRUST CSF and its Benefits | UpGuard

Backup and Recovery

• How to develop a cloud backup ransomware protection strategy | TechTarget

• How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)

Data Protection

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Careers, Working in Cyber and Information Security

• Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)

• Three ways to overcome cyber security staff shortages (securitybrief.co.nz)

Privacy, Surveillance and Mass Monitoring

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Your Car Is Spying On You, From Your Sex Life To How Fast You Go | Carscoops

• Google Chrome just rolled out a new way to track you and serve ads. Here's what you need to know (theconversation.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

China

• Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget

• Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian

• Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)

• Microsoft, Apple versus China, spyware actors (techrepublic.com)

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cyber Crime - SecurityWeek

• Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• China caught with its malware in another nation's power grid • The Register

• China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)

• As China steps up cyber security enforcement, smaller businesses are feeling the heat | South China Morning Post (scmp.com)

• British and Chinese academic research collaborations quadruple despite security fears (telegraph.co.uk)

Iran

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• ‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (thehackernews.com)

North Korea

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

Misc Nation State/Cyber Warfare

• ‘Cyber attacks lower warfare bar, rules key’ | Mint (livemint.com)

• Polish election questioned after Pegasus spyware used to smear opposition, investigation finds | Computer Weekly

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Cyber Attacks Are Transforming Warfare (thehackernews.com)

• OODA Loop - The ICC Will Now Investigate Cyber War Crimes

• The Double-Edged Sword of Cyber Espionage (darkreading.com)

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Vulnerability Management

• Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Vulnerabilities

• Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security

• Severe vulnerability found in all browsers, and it's being attacked | PCWorld

• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (thehackernews.com)

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek

• CISA Adds Critical RocketMQ Bug to Must-Patch List - Infosecurity Magazine (infosecurity-magazine.com)

• Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)

• Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

• Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

• Global companies to hike security spending as threats rise - survey | Reuters

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• What Is XDR and Why It's Changing the Security Industry - ReadWrite

• Organisations Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

• Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE

• How CISOs Can Effectively Manage Firewall Vulnerabilities | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• Great security training is a real challenge - Help Net Security

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

• Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)

Reports Published in the Last Week

• Ransomware and the Cyber Crime ecosystem - NCSC.GOV.UK

• Sophos on the State of Ransomware - GovInfoSecurity

• The State of Pentesting 2023 Report | Cobalt

Other News

• Record number of cyber attacks targeting critical IT infrastructure reported to UK gov’t this year (therecord.media)

• The Weaponization of Operational Technology (securityintelligence.com)

• ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek

• Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)

• The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)

• Some of TOP universities wouldn’t pass cyber security exam: left websites vulnerable - Security Affairs

• The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)

• A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)

• Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)

• Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security

• Building cyber resiliency in public services | UKAuthority

• Brits happy to break cyber law if the price is right | Computer Weekly

• Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry - Infosecurity Magazine (infosecurity-magazine.com)

• British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)

• Trustwave report on hospitality industry security threats | Cyber Magazine

• Cyber security impact on construction, engineering projects (csemag.com)

• Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)

• Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters

• Death by digital: attacks on healthcare put people at risk (synack.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

• Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

• Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

• Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

• Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

• Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

• Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

• Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

• Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

• Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

• Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

• Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

• Data Breaches Cost Businesses $4.5M on Average (darkreading.com)

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• Why Today's CISOs Must Embrace Change (darkreading.com)

• Enterprises should layer-up security to avoid legal repercussions - Help Net Security

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Explaining risk maturity models and how they work | TechTarget

• Why cyber security should be part of your ESG strategy | Computer Weekly

• The old “trust but verify” adage should be the motto for every CISO | CSO Online

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

• The critical cyber security backup plan too many companies are ignoring (cnbc.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

• Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• 4 Cyber security Budget Management Tips (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)

• MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)

• Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Millions of people's healthcare files accessed by Clop gang • The Register

• Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek

• Ransomware Spotlight: Play - Security News (trendmicro.com)

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

• Risk & Repeat: Are data extortion attacks ransomware? | TechTarget

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

• Education Sector Has Highest Ransomware Victim Count - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: Sophos says most universities pay | Times Higher Education (THE)

Ransomware Victims

• PwC has data leaked on the clear web - Cyber Security Connect

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Millions of people's healthcare files accessed by Clop gang • The Register

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek

• Another Cl0p victim goes public | Cybernews

• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)

Phishing & Email Based Attacks

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Critical Infrastructure Workers More Likely to Detect and Report Phishing and Malicious Emails, Study Finds - MSSP Alert

BEC – Business Email Compromise

• Repeatable VEC Attacks Target Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The Dark Side of AI (darkreading.com)

• Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security

• UN Security Council to hold first talks on AI risks | Reuters

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)

• Lots of sensitive data is still being posted to ChatGPT | TechRadar

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• The Good, the Bad and the Ugly of Generative AI - SecurityWeek

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• Intel's deepfake detector tested on real and fake videos - BBC News

• Are AI-Engineered Threats FUD or Reality? (darkreading.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Malware

• Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)

• Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)

• The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)

• Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (thehackernews.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)

• Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security

Mobile

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch

• 5 steps to approach BYOD compliance policies | TechTarget

Botnets

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Denial of Service/DoS/DDOS

• Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

BYOD

• 5 steps to approach BYOD compliance policies | TechTarget

Internet of Things – IoT

• Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)

• Microsoft previews  Defender for IoT firmware analysis service (bleepingcomputer.com)

• Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek

Data Breaches/Leaks

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Capita breach class action nears 1,000 sign-ups • The Register

• VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• NATO investigating apparent breach of unclassified information sharing platform | CyberScoop

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Australian Home Affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian

• Data Breach Costs Hit Record High but Fall For Some - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt's Ministry of Health - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs

• Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)

Organised Crime & Criminal Actors

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptojacking soars as cyber attacks increase, diversify - Help Net Security

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Cryptojacking: Understanding and defending against cloud compute resource abuse | Microsoft Security Blog

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers demand more from businesses when it comes to security - Help Net Security

• CISOs gear up to combat the rising threat of B2B fraud - Help Net Security

• Booz Allen Pays $377m to Settle Government Fraud Case - Infosecurity Magazine (infosecurity-magazine.com)

• MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian

Insurance

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal

Dark Web

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Supply Chain and Third Parties

• Capita breach class action nears 1,000 sign-ups • The Register

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• Strengthening the weakest links in the digital supply chain - Help Net Security

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Two ambulance services in UK lost access to patient records after a cyber attack on software provider - Security Affairs

Cloud/SaaS

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Shadow IT

• NCSC Publishes New Guidance on Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• The UK Government Is Very Close To Eroding Encryption Worldwide  | Electronic Frontier Foundation (eff.org)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)

• Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)

API

• Reining in API sprawl | TechCrunch

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

Open Source

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA: Most cyber attacks on gov’ts, critical infrastructure involve valid credentials (therecord.media)

Social Media

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Training, Education and Awareness

• Why are computer security guidelines so confusing? - Help Net Security

Travel

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Regulations, Fines and Legislation

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• EU Agrees On Common Position For Cyber Resilience Act To Enhance Security Of Digital Products (informationsecuritybuzz.com)

Data Protection

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

Careers, Working in Cyber and Information Security

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• UK Government Report Finds Cyber security Skills Gap Stagnant - Infosecurity Magazine (infosecurity-magazine.com)

• Bridging the cyber security skills gap through cyber range training - Help Net Security

• Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security

Law Enforcement Action and Take Downs

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

Privacy, Surveillance and Mass Monitoring

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)

Misinformation, Disinformation and Propaganda

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

• Russian court jails cyber security executive for 14 years in treason case | Reuters

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

• 69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica

China

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• The Chinese groups accused of hacking the US and others | Reuters

• Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek

• China’s Wuhan Earthquake Center Suffers Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• North Korean Cyber spies Target GitHub Developers (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports - Infosecurity Magazine (infosecurity-magazine.com)

Misc/Other/Unknown

• Advanced Persistent Threats (APTs): Detection and Mitigation (blueteamresources.in)

• Part 1: Historic To 2022 – The APT And Logical Threats (informationsecuritybuzz.com)

Vulnerability Management

• Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)

• Want to live dangerously? Try running Windows XP in 2023 • The Register

• A step-by-step guide for patching software vulnerabilities - Help Net Security

Vulnerabilities

• Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs

• Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)

• Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 - Security Affairs

• NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data | SC Media (scmagazine.com)

• Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)

• Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)

• Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)

• VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks (thehackernews.com)

• Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)

• Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)

• Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)

• Critical Flaws Found in Microsoft Message Queuing Service - Infosecurity Magazine (infosecurity-magazine.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• Study reveals silent Python package security fixes • The Register

• Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)

• VMware Patches Vulnerability Exposing Admin Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

• Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)

• WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)

• Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs

Tools and Controls

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Why cyber security should be part of your ESG strategy | Computer Weekly

• Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)

• Explaining risk maturity models and how they work | TechTarget

• Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)

• Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)

• Zero trust rated as highly effective by businesses worldwide - Help Net Security

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)

• Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)

• Why are computer security guidelines so confusing? - Help Net Security

• Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• Shaping the future of digital identity - Help Net Security

• How to Put the Sec in DevSecOps (darkreading.com)

• Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)

• How Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Microsoft Security Blog

• Converging networking and security with SASE - Help Net Security

• 5 steps to approach BYOD compliance policies | TechTarget

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)

• Key factors for effective security automation - Help Net Security

• Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• CISOs consider zero trust a hot security ticket - Help Net Security

• How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)

• 4 Cyber security Budget Management Tips (trendmicro.com)

Reports Published in the Last Week

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• Cost of a data breach 2023 | IBM

• Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu)

• Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE

Other News

• Maritime Cyber attack Database Launched by Dutch University - SecurityWeek

• Google’s new security pilot program will ban employee Internet access | Ars Technica

• Inspiring secure coding: Strategies to encourage developers' continuous improvement - Help Net Security

• macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• Cyber crime as a Public Health Crisis (darkreading.com)

• 7 in 10 MSPs Name Data Security and Network Security As Their Top IT Priorities for 2023 (darkreading.com)

• TETRA Radio Code Encryption Has a Flaw: A Backdoor | WIRED

• World's most internetty firm tries life off the net • The Register

• Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)

• How do companies protect customer data? | TechTarget

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Security Industry Still Fighting to Recruit and Retain Talent

Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.

https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/

• How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.

Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.

https://www.reuters.com/technology/how-moveit-breach-shows-hackers-interest-corporate-file-transfer-tools-2023-06-16/

• Attackers Discovering Exposed Cloud Assets within Minutes

The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.

https://www.techtarget.com/searchsecurity/news/366542352/Attackers-discovering-exposed-cloud-assets-within-minutes

https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface

• Majority of Users Neglect Best Password Practices

The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.

https://www.infosecurity-magazine.com/news/users-neglect-best-password/

• One in Three Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.

Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.

https://www.infosecurity-magazine.com/news/one-in-three-phishing/

• Ransomware Misconceptions Abound, to the Benefit of Attackers

There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.

Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.

https://www.darkreading.com/vulnerabilities-threats/ransomware-misconceptions-abound-to-the-benefit-of-attackers

• Threat Actors Scale and Commoditise Uncommon Tools and Techniques

Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.

Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.

https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2023-human-factor-report-threat-actors-scale-and-commoditise

• Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.

https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/

• Security Budget Hikes are Missing the Mark, CISOs Say

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.

The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.

https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

• Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.

Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.

https://informationsecuritybuzz.com/understanding-cyber-resilience-building-a-holistic-approach-to-cybersecurity/

• Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally

A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.

Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.

https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally

• Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.

Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.

https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/

• Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.

https://www.securityweek.com/fulfilling-expected-sec-requirements-for-cybersecurity-expertise-at-board-level/

Governance, Risk and Compliance

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• How DORA Will Force Financial Firms to Adopt Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating the Complex World of Cyber security Compliance - MSSP Alert

• Security budget hikes are missing the mark, CISOs say | CSO Online

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

• Decrypting Cyber Risk Quantification (trendmicro.com)

• From details to big picture: how to improve security effectiveness | CIO

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cyber crime group C10p (afr.com)

• Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)

• US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)

• Data leak at Australian law firm spooks government, business • The Register

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)

• Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Rorschach Ransomware: What You Need to Know (darkreading.com)

• Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)

• Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)

• Ransomware attacks pose communications dilemmas for local governments | CSO Online

• LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)

Ransomware Victims

• MOVEit victim list | KonBriefing.com

• PwC and EY impacted by MOVEit cyber attack (cshub.com)

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)

• Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek

• BlackCat gang threatens to leak plastic surgery photos • The Register

• Reddit confirms BlackCat ransomware gang stole its data • The Register

• Adur and Worthing Councils investigating after contractor data breach | The Argus

• Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

• MOVEit cyber attack: US Energy Department gets two ransom notices as MOVEit hack claims more victims - The Economic Times (indiatimes.com)

• USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN

• Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)

• MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)

Phishing & Email Based Attacks

• One in Three UK&I Workers Susceptible to Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian

• Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Insurance companies neglect basic email security - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• The Simplest Social Engineering Hack Of Them All | Hackaday

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

Artificial Intelligence

• Civil servants told not to share state secrets with ChatGPT, leaked guidance reveals (telegraph.co.uk)

• How generative AI is creating new classes of security threats | VentureBeat

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• ‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco - SecurityWeek

• The next wave of cyber threats: Defending your company against cyber criminals empowered by generative AI | VentureBeat

• Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)

Malware

• Experts Uncover Year-Long Cyber Attack on IT Firm Utilising Custom Malware RDStealer (thehackernews.com)

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)

• Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)

• Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• To kill BlackLotus malware, patching is a good start, but... • The Register

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)

• Chinese malware accidentally infects networked storage • The Register

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Mobile

• New Version of Android GravityRAT Spyware Targets WhatsApp Backups - Infosecurity Magazine (infosecurity-magazine.com)

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• This Android app with over 50,000 installs steals your files and microphone recordings — what to do | Tom's Guide (tomsguide.com)

• Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)

Botnets

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Internet of Things – IoT

• Thousands left vulnerable after severe weakness is discovered in home security system's mobile app | TechSpot

• Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics

• Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)

Data Breaches/Leaks

• Data leak at Australian law firm spooks government, business • The Register

• Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)

• SSD missing from SAP datacenter turns up on eBay • The Register

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

• Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Darknet Parliament is now a thing | Cybernews

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Moveit hack: attack on BBC and BA offers glimpse into the future of cyber crime (theconversation.com)

• Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert

• The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)

• Cyber crime Doesn't Take a Vacation (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)

• Blockchain security: Everything you should know for safe use | TechTarget

• From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)

Insider Risk and Insider Threats

• Cost-of-Living Crisis increasing chances of Insider threats - IT Security Guru

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

Fraud, Scams & Financial Crime

• Influencers in firing line as France tackles scams - BBC News

• Keep Job Scams From Hurting Your Organisation (darkreading.com)

• Job Seekers, Look Out for Job Scams (darkreading.com)

Impersonation Attacks

• Attackers Create Synthetic Security Researchers to Steal IP (darkreading.com)

AML/CFT/Sanctions

• EU agrees new sanctions against Russia, targeting Chinese companies suspected of circumvention | Euronews

Dark Web

• Darknet Parliament is now a thing | Cybernews

• Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)

• Millions of UK University Credentials Found on Dark Web - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Capita faces first legal Letter of Claim over mega breach • The Register

• Why assessing third parties for security risk is still an unsolved problem | CSO Online

• 3CX data exposed, third-party to blame - Security Affairs

• Mondelez says crooks stole staff data in security breach • The Register

• Untangling the web of supply chain security with Tony Turner - Help Net Security

Software Supply Chain

• CISA SBOM standards efforts stymied by confusion, inertia | TechTarget

Cloud/SaaS

• Growing SaaS Usage Means Larger Attack Surface (darkreading.com)

• Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters

• A new threat to financial stability lurks in the cloud | Financial Times (ft.com)

• Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)

• Attackers discovering exposed cloud assets within minutes | TechTarget

• Cloud-native security hinges on open source - Help Net Security

• Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online

• US cyber ambassador says China can win on AI, cloud • The Register

Hybrid/Remote Working

• Home working puts confidential data at risk, GCHQ warns law firms (telegraph.co.uk)

Shadow IT

• Ending the ‘forever war’ against shadow IT | CIO

Identity and Access Management

• The future of passwords and authentication - Help Net Security

Encryption

• Intel to start shipping a quantum processor | Ars Technica

• Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)

API

• Why API Security Could Be the Next Big Thing in Cyber - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

• Cloud-native security hinges on open source - Help Net Security

• ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Majority of Users Neglect Best Password Practices: Keeper Security - Infosecurity Magazine (infosecurity-magazine.com)

• Forging a Path to Account Takeover: Copy Password Reset Link Vulnerability worth $$$$. | by Manav Bankatwala | Jun, 2023 | InfoSec Write-ups (infosecwriteups.com)

• The future of passwords and authentication - Help Net Security

• These are the most hacked passwords. Is yours on the list? | ZDNET

• Beware bad passwords as attackers co-opt Linux servers into cyber crime – Naked Security (sophos.com)

Social Media

• Influencers in firing line as France tackles scams - BBC News

• Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)

Training, Education and Awareness

• Preventing breaches through cyber awareness: How every federal employee contributes to cyber security | Federal News Network

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

• Security Training Needs to Nudge, Not Nag - Infosecurity Magazine (infosecurity-magazine.com)

Digital Transformation

• Security Training Fail Impacting Digital Transformation - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)

• Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek

Models, Frameworks and Standards

• The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security

• What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget

Secure Disposal

• SSD missing from SAP datacenter turns up on eBay • The Register

Data Protection

• ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security

• Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)

• IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• 8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online

• UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)

• Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)

• The Quintessential Toolkit: Five Essential Skills For Advancing In The Cyber security Realm (informationsecuritybuzz.com)

• Cyber security Industry Still Fighting to Recruit and Retain Talent - Infosecurity Magazine (infosecurity-magazine.com)

• It’s Time to Think Creatively to Combat Skills Shortages - Infosecurity Magazine (infosecurity-magazine.com)

• Google announces $20 million investment for cyber clinics | CyberScoop

Law Enforcement Action and Take Downs

• Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)

• Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

Privacy, Surveillance and Mass Monitoring

• SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)

• A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED

• Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west | Cyber crime | The Guardian

• UK Pledges Millions in Cyber-Defence Aid to Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (telegraph.co.uk)

• Russia sent its reserve team to wipe Ukrainian hard drives • The Register

• Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)

• Strategies for staying ahead of modern cyber warfare - CyberTalk

• German intelligence services point to increased hybrid security threats – EURACTIV.com

Nation State Actors

• Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert

• US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek

• Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat - SecurityWeek

• US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek

• USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)

• CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)

• US Cyber Ambassador says China can win on AI, cloud • The Register

• Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

• State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments (thehackernews.com)

• The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)

• The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica

• Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times

• A Russian national charged for committing LockBit Ransomware attacks - Security Affairs

• Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)

• APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)

• ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)

• 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)

• Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)

• North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)

• RedEyes Group Targets Individuals with Wiretapping Malware - Infosecurity Magazine (infosecurity-magazine.com)

• US Justice Department Launches New National Security Cyber Section - Infosecurity Magazine (infosecurity-magazine.com)

• China-sponsored APT group targets government ministries in the Americas | CSO Online

• Chinese malware accidentally infects networked storage • The Register

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

Vulnerability Management

• Guess what happened to this US agency that didn't patch? • The Register

• EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Vulnerabilities

• VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)

• Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)

• Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari (thehackernews.com)

• Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)

• Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs

• Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)

• Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek

• Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek

• SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)

• VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)

• Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)

• Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

• Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget

• ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)

• Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine

• Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)

• A (cautionary) tale of two patched bugs, both under exploit • The Register

• Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)

• Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)

• Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)

Tools and Controls

• Getting Over the DNS Security Awareness Gap (darkreading.com)

• Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN

• The future of passwords and authentication - Help Net Security

• Understanding Cyber Resilience: Building A Holistic Approach To Cyber security (informationsecuritybuzz.com)

• Increased spending doesn't translate to improved cyber security posture - Help Net Security

• Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)

• Security investments that help companies navigate the macroeconomic climate - Help Net Security

• The Benefits of Red Zone Threat Intelligence - SecurityWeek

Reports Published in the Last Week

• Proofpoint’s 2023 Human Factor Report: Threat Actors Scale and Commoditise Uncommon Tools and Techniques | Proofpoint UK

• Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert

• The Threat Report: June 2023 | Trellix

• Navigating The Cyber Threat Landscape: Key Insights From Trellix ARC's Q1 2023 Report (informationsecuritybuzz.com)

Other News

• Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)

• ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber attack, warn campaigners | Cyber crime | The Guardian

• Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek

• Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)

• Why CISOs should be concerned about space-based attacks | CSO Online

• Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK

• 6 Attack Surfaces You Must Protect (darkreading.com)

• GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 1 in 3 Employees Don’t Understand Why Cyber Security Is Important

According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cyber security posture.

What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cyber security to mention it.

Virtually all IT and security leaders agreed that a strong security culture is important in maintaining a strong security posture. Yet, despite rating their organisation’s security 8 out 10, on average, three-quarters of organisations experienced a security incident in the last 12 months.

The report suggests this could stem from a reliance on traditional training programs: 48% of security leaders say training is one of the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. With recent headlines depicting how phishing simulations can go awry, negative experiences like these further alienate employees and decrease engagement.

https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/

• As Companies Calculate Cyber Risk, the Right Data Makes a Big Difference

The proposed US Securities and Exchange Commission’s stronger rules for reporting cyber attacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cyber security to the highest levels of corporate leadership. Other jurisdictions will very likely follow the US in requiring more stringent cyber controls and governance.

This means that boards and executives everywhere will need to increase their understanding of cyber security, not only from a tech point of view, but from a risk and business exposure point of view. The CFO, CMO and the rest of the C-suite and board will want and need to know what financial exposure the business faces from a data breach, and how likely it is that breaches will happen. This is the only way they will be able to develop cyber policies and plans and react properly to the proposed regulations.

Companies will therefore need to be able to calculate and put a dollar value on their exposure to cyber risk. This is the starting point for the ability to make cyber security decisions not in a vacuum, but as part of overall business decisions. To accurately quantify cyber security exposure, companies need to understand what the threats are and which data and business assets are at risk, and they then need to multiply the cost of a breach by the probability that such an event will take place in order to put a dollar figure on their exposure.

While there are many automated tools, including those that use artificial intelligence (AI), that can help with this, the key to doing this well is to make sure calculations are rooted in real and relevant data – which is different for each company or organisation.

https://venturebeat.com/2022/07/22/as-companies-calculate-cyber-risk-the-right-data-makes-a-big-difference/

• Only 25% Of Organisations Consider Their Biggest Threat to Be from Inside the Business

A worrying 73.5% of organisations feel they have wasted the majority of their cyber security budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul.

Only 25% of organisations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cyber security challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.

The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33% of respondents stating that it still takes their organisation days and weeks to detect threats, with 6% not being able to detect them at all.

https://www.helpnetsecurity.com/2022/07/28/biggest-threat-inside-the-business/

• The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million

IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organisations.

With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organisations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

The perpetuality of cyber attacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organisations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organisations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.

https://www.helpnetsecurity.com/2022/07/27/2022-cost-of-a-data-breach-report/

• Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed

Attackers are becoming faster at exploiting previously undisclosed zero-day flaws, according to Palo Alto Networks.  This means that the amount of time that system admins have to patch systems before exploitation happens is shrinking fast..

The company warns in its 2022 report covering 600 incident response (IR) cases that attackers typically start scanning for vulnerabilities within 15 minutes of one being announced.

Among this group are 2021's most significant flaws, including the Exchange Server ProxyShell and ProxyLogon sets of flaws, the persistent Apache Log4j flaws aka Log4Shell, the SonicWall zero-day flaws, and Zoho ManageEngine ADSelfService Plus.

While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted of 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).    

Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.

https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/

• Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline

Ransomware-as-a-service (RaaS) operators are evolving their tactics yet again in response to more aggressive law enforcement efforts, in a move that is reducing their profits but also making affiliates harder to track, according to Coveware.

The security vendor’s Q2 2022 ransomware report revealed that concerted efforts to crack down on groups like Conti and DarkSide have forced threat actors to adapt yet again.

It identified three characteristics of RaaS operations that used to be beneficial, but are increasingly seen as a hinderance.

The first is RaaS branding, which has helped to cement the reputation of some groups and improve the chances of victims paying, according to Coveware. However, branding also makes attribution easier and can draw the unwanted attention of law enforcement, it said.

“RaaS groups are keeping a lower profile and vetting affiliates and their victims more thoroughly,” Coveware explained.

“More RaaS groups have formed, resulting in less concentration among the top few variants. Affiliates are frequently shifting between RaaS variants on different attacks, making attribution beyond the variant more challenging.”

In some cases, affiliates are also using “unbranded” malware to make attribution more difficult, it added.

The second evolution in RaaS involves back-end infrastructure, which used to enable scale and increase profitability. However, it also means a larger attack surface and a digital footprint that’s more expensive and challenging to maintain.

As a result, RaaS developers are being forced to invest more in obfuscation and redundancy, which is hitting profits and reducing the amount of resources available for expansion, Coveware claimed.

Finally, RaaS shared services used to help affiliates with initial access, stolen data storage, negotiation management and leak site support.

https://www.infosecurity-magazine.com/news/raas-groups-forced-change-payments/

• Phishers Targeted Financial Services Most During H1 2022

Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cyber security company Vade.

The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.

While financial services scored highest on a per-sector basis, Microsoft was the most impersonated brand overall. The company’s Microsoft 365 cloud productivity services are a huge draw for cyber-criminals hoping to access accounts using phishing attacks.

Phishing attacks on Microsoft customers have become more creative, according to Vade, which identified several phone-based attacks. It highlighted a campaign impersonating Microsoft’s Defender anti-malware product, fraudulently warning that the company had debited a subscription fee. It encouraged victims to fix the problem by phone.

Facebook came a close second, followed by financial services company Crédit Agricole, WhatsApp and Orange.

https://www.infosecurity-magazine.com/news/phishers-financial-services-h1-2022/

• HR Emails Dupe Employees the Most – KnowBe4 research reveals

In phishing tests conducted on business emails, more than half of the subject lines clicked imitated Human Resources communications.

New research has revealed the top email subjects clicked on in phishing tests were those related to or from Human Resources, according to the latest ‘most clicked phishing tests‘ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category were those send from IT, which include requests or actions of password verifications that were needed immediately.

KnowBe4’s CEO commented “More than 80% of company data breaches globally come from human error, so security awareness training for your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”

This research comes hot off the heels of the recent KnowBe4 industry benchmarking report which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category.

https://www.itsecurityguru.org/2022/07/27/hr-emails-dupe-employees-the-most-knowbe4-research-reveals/

• 84% Of Organisations Experienced an Identity-Related Breach in the Past 18 Months

60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), treading water (13%), or merely running to keep up (27%), according to a survey by Sapio Research.

The report also highlights differences between the perceived and actual effectiveness of security strategies. While 40% of respondents believe they have the right strategy in place, 84% of organisations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.

Promisingly, many organisations are hungry to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents state that their organisations fully recognise the importance of identity security in enabling them to achieve their business goals, and 87% say that it is one of the most important security priorities for the next 12 months.

However, 75% of IT and security professionals also believe that they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment, with 63% of respondents saying that their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.

While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks. This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cyber criminals looking to discover privileged accounts and abuse them.

https://www.helpnetsecurity.com/2022/07/28/identity-related-breach/

• Economic Downturn Raises Risk of Insiders Going Rogue

Declining economic conditions could make insiders more susceptible to recruitment offers from threat actors looking for allies to assist them in carrying out various attacks.

Enterprise security teams need to be aware of the heightened risk and strengthen measures for protecting against, detecting, and responding to insider threats, researchers from Palo Alto Network's Unit 42 threat intelligence team recommended in a report this week.