Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security

Cloud/SaaS

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• CIOs rethink all-in cloud strategies | CIO

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

• Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert

• Cloud-focused malware campaigns on the increase (betanews.com)

Identity and Access Management

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)

Linux and Open Source

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

Malvertising

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

• Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)

Training, Education and Awareness

• Cyber awareness education is a change-management initiative | CSO Online

• Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)

• 4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)

• Creating a cyber security training curriculum for SMBs and MSPs | TechRadar

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

Regulations, Fines and Legislation

• 81% of security leaders predict SEC rules will impact their businesses | Security Magazine

• Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)

• Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard

• NIST Publishes Final “Cyber Security Resource Guide” on Implementing the HIPAA Security Rule | Foley & Lardner LLP - JDSupra

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Backup and Recovery

• MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

• NIST CSF 2.0 released, to help all organisations, not just those in critical infrastructure - Help Net Security

• NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert

• Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)

• Preparing for the NIS2 Directive - Help Net Security

Data Protection

• UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• A Perfect Cyber Storm is Leading to Burnout | Network Computing

• The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)

• Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard

Law Enforcement Action and Take Downs

• Is the LockBit gang resuming its operation? (securityaffairs.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• US leading global alliance to counter foreign government disinformation | Cyberwar | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 15 Countries with Cyber Warfare Capabilities (yahoo.com)

• Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review

• When Hackers Are Hacked, A Chinese Spy Story - Worldcrunch

• Chinese Cyber Attacks:A 12-month Outlook (greydynamics.com)

• Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)

• The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

• Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

Russia

• Two Years On: How Ukraine's Cyber Warfront Is Redefining Global Cyber Security Strategies | HackerNoon

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia may have just carried out its first direct action against the West (yahoo.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• Ukraine signs security deals with Western allies to help counter Russian cyber attacks (therecord.media)

• Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (therecord.media)

• Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

• Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

• Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (therecord.media)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

• Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

Iran

• Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

Vulnerability Management

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• CVE count set to rise by 25% in 2024 - Help Net Security

• Most Commercial Code Contains High-Risk Open Source Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• The rising threat of zero-day attacks | Security Magazine

Vulnerabilities

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)

• One of Apple's best iOS productivity tools had a pretty concerning security flaw, so patch now | TechRadar

• Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

• MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)

• Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)

• Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop

• Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)

Tools and Controls

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Cyber awareness education is a change-management initiative | CSO Online

• Why Cyber Security Must Include Protective DNS (hyas.com)

• Championing ethical hackers: a vital defence for the financial industry during turbulent times (finextra.com)

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard

• APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• MTTR: The Most Important Security Metric (darkreading.com)

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week

• Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)

• Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)

Reports Published in the Last Week

• A Comparative Study on Cyber Risk: Business vs. Security Perspectives (inforisktoday.com)

• Cyber threat landscape report | Professional Security

• Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE

Other News

• Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)

• IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)

• It's time to stop trusting your antivirus software | Digital Trends

• Three new advanced threat groups targeted industrial organisations last year | CSO Online

• What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard

• Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)

• Why Health Care Is Top Target for Cyber Criminals (govtech.com)

• RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)

• Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.