Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 June 2023

Black Arrow Cyber Threat Briefing 30 June 2023:

-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

-Employees Worry Less About Cyber Security Best Practices in the Summer

-Businesses are Ignoring Third-Party Security Risks

-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing

-Widespread BEC Attacks Threaten European Organisations

-Lloyd’s Syndicates Sued Over Cyber Insurance

-95% Fear Inadequate Cloud Security Detection and Response

-The Growing Use of Generative AI and the Security Risks They Pose

-The CISO’s Toolkit Must Include Political Capital Within The C-Suite

-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

-SMBs Plagued by Exploits, Trojans and Backdoors

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

  • Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

  • Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

  • Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

  • Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

  • Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

  • Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

  • 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

  • The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

  • The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

  • Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

  • SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 April 2023

Black Arrow Cyber Threat Briefing 14 April 2023:

-Almost Half of Former Employees Say Their Passwords Still Work

-Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

-Printers Pose Persistent Yet Overlooked Threat

-Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

-Over 90% of Organisations Find Threat Hunting a Challenge

-75% of Organisations Have Suffered a Cyber Security Breach

-Leak Shows Evolving Russian Cyber War Capabilities

-Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

-When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

-Insider Threat and Ransomware: A Growing Issue

-How LockBit Changed Cyber Security Forever

-Hybrid Work Environments Are Stressing CISOs

-Protect Your Data with a USB Condom

-Strategising Cyber Security: Why a Risk-based Approach is Key

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

  • Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

  • Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

  • Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

  • Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

  • 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

  • 97% of organisations indicated they are experiencing private cloud problems.

  • 75% have experienced a cyber security breach, threat and/or theft of data.

  • 75% said shadow IT “impairs their ability to keep data secure.”

  • 60% allow employees to download sensitive data to their personal devices.

  • 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

  • 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

  • Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

  • Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

  • When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

  • Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

  • How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

  • Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

  • Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

  • Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Shadow IT

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 31 March 2023

Black Arrow Cyber Threat Briefing 31 March 2023:

-Phishing Emails Up a Whopping 569% in 2022

-The End User Password Mistakes Putting Your Organisation at Risk

-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

-71% of Employees Keep Work Passwords on Personal Devices

-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

-Security Flaws Cost Fifth of Executive’s Businesses

-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

-Only 10% of Workers Remember All Their Cyber Security Training

-Silence Gets You Nowhere in a Data Breach

-Just 1% of Cloud Permissions are Actively Used

-Dangerous Misconceptions About Emerging Cyber Threats

-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Phishing Emails Up a Whopping 569% in 2022

The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.

https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022

  • The End User Password Mistakes Putting Your Organisation at Risk

Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.

https://www.bleepingcomputer.com/news/security/the-end-user-password-mistakes-putting-your-organization-at-risk/

  • Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.

https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse

  • 71% of Employees Keep Work Passwords on Personal Devices

71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.

https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/

  • Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.

https://www.msspalert.com/cybersecurity-research/cybercrime-front-lines-in-russia-ukraine-war-move-to-eastern-and-northern-europe/

  • Security Flaws Cost Fifth of Executives New Business

Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.

 https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/

  • Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.

https://www.msspalert.com/cybersecurity-research/companies-struggle-to-build-and-run-effective-programs-to-protect-data-from-insider-threats/

  • Only 10% of Workers Remember All Their Cyber Security Training

New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.

https://www.itsecurityguru.org/2023/03/30/only-10-of-workers-remember-all-their-cyber-security-training/

  • Silence Gets You Nowhere in a Data Breach

In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.

 https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/

  • Just 1% of Cloud Permissions are Actively Used

According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.

https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/

  • Dangerous Misconceptions About Emerging Cyber Threats

Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.

https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/  

  • ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.

https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 24 March 2023

Black Arrow Cyber Threat Briefing 24 March 2023:

-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority

-IT Security Spending to Reach Nearly $300 Billion by 2026

-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

-Board Cyber Shortage: Don’t Get Caught Swimming Naked

-Should Your Organisation Be Worried About Insider Threats?

-UK Ransomware Incident Volumes Surge 17% in 2022

-Financial Industry Hit by Rising Ransomware Attacks and BEC

-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

-Security Researchers Spot $36m BEC Attack

-New Victims Come Forward After Mass Ransomware Attack

-Ransomware Gangs’ Harassment of Victims is Increasing

-Wartime Hacktivism is Spilling Over Into the Financial Services Industry

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

  • Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

  • IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

  • 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

  • Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

  • Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

  • UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

  • Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

  • 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

  • Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

  • New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

  • Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

  • Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 March 2023

Black Arrow Cyber Threat Briefing 17 March 2023:

-Almost Half of IT Leaders Consider Security as an Afterthought

-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

-Over 721 Million Passwords Were Leaked in 2022

-How Much of a Cyber Security Risk are Suppliers?

-90% of £5m+ Businesses Hit by Cyber Attacks

-Rushed Cloud Migrations Result in Escalating Technical Debt

-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

-Microsoft Warns of Large-Scale Use of Phishing Kits

-BEC Volumes Double on Phishing Surge

-The Risk of Pasting Confidential Company Data in ChatGPT

-Ransomware Attacks have Entered a New Phase

-MI5 Launches New Agency to Tackle State-Backed Attacks

-Why Cyber Awareness Training is an Ongoing Process

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

  • Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

  • Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

  • How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

  • 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

  • Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

  • Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

  • Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

  • BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

  • The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

  • Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

  • MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

  • Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More