Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment

According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.

Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.

Sources: [ITPro] [Emerging Risks Media Ltd]

Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions

Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.

The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.

Sources: [CIR Magazine] [Gartner]

Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies

Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.

So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.

Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.

Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]

81% of Companies had Malware, Phishing and Password Attacks in 2023

According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.

Source: [Security Magazine]

Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors

According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.

Sources: [Washington Times] [SiliconANGLE]

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.

The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.

Sources: [NSA] [Dark Reading] [The Register]

Why Cyber Security Is a Competitive Advantage: Reaching Digital Success

In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.

However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.

Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.

Source: [Forbes]

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.

Source: [Hacker News]

66% of Employees Prioritise Daily Tasks Over Cyber Security

According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.

The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.

Source: [Security Magazine]

Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days

Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.

Source: [Security Week]

Who Is Responsible for Cyber Security? You.

Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.

Source: [Forbes]

Many Popular Websites Still Cling to Password Creation Policies From 1985

Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.

The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.

Source: [Help Net Security]

Governance, Risk and Compliance

• Who Is Responsible For Cyber Security? You. (forbes.com)

• How C-Level Executives Can Increase Cyber Resilience (forbes.com)

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast

• 7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert

• Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal

• Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)

Threats

Ransomware, Extortion and Destructive Attacks

• UK ransomware attack could bring country to a "standstill" as scathing report calls for greater security investment | ITPro

• UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)

• Ransomware Surge is Driving UK Inflation, Says Veeam - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)

• CNI 'vulnerable to ransomware' | Professional Security

• Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• The end of ransomware payments: how businesses fit into the fight | ITPro

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

• US reveals email addresses used to send ransomware demands • The Register

• Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)

Ransomware Victims

• Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE

• Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)

• US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack | TechCrunch

• Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)

• BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)

• Nissan dealerships in ANZ crippled by cyber attack - Drive

Phishing & Email Based Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• 39% of security leaders cite phishing as most feared cyber attack | Security Magazine

• Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET

• Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)

• Google Forms Used in Call-Back Phishing Scam | Tripwire

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US reveals email addresses used to send ransomware demands • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Artificial Intelligence

• SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• AI in 2024: More business use, more fraud risks | Premium | Compliance Week

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)

• Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra

• Responsibly Implementing AI, the Unstoppable Force (darkreading.com)

• How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)

• Israel's AI can produce 100 bombing targets a day in Gaza. Is this the future of war? (theconversation.com)

Malware

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)

• Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

• Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)

• Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security

• How criminals disguise URLs | Kaspersky official blog

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

• Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)

Mobile

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• Apple Testing New Stolen Device Protection Feature for iPhones - Security Week

• Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - Help Net Security

• 29 malware families targeted 1800 banking apps in 61 countries | Security Magazine

• Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Websites down as Newsquest hit by cyber attack - Journalism News from HoldtheFrontPage

Internet of Things – IoT

• How Cyber Security Can Build Consumer Trust In Self-Driving Vehicles (forbes.com)

Data Breaches/Leaks

• Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)

• UK Ministry of Defence Fined For Afghan Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• DNA companies should receive severe penalties for losing our data | TechCrunch

• Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)

• US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)

• Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)

• 2.5m people's data lost in Norton hospital ransomware hit • The Register

• Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)

• Toyota Financial Services discloses data breach (securityaffairs.com)

• US Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak - Security Week

• DonorView exposes 1M records for unknown time frame • The Register

• Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)

Organised Crime & Criminal Actors

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)

• Interpol strikes slavers who force people to scam you online • The Register

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE

• Dark web forums reveal next year’s cyber security threats - Digital Journal

• Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)

• New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)

• How cyber criminals are using Wyoming shell companies for global hacks | Reuters

• Exploitation of the internet and the mind: How cyber criminals operate | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg

• Ledger says attacker conducted phishing attack on former employee - Blockworks

Insider Risk and Insider Threats

• 66% of employees prioritize daily tasks over cyber security | Security Magazine

• Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)

• Prison for man who wiped bank's data after being fired for accessing porn in the office (bitdefender.com)

• Employees are weaponizing private emails with colleagues | Fortune

Insurance

• Making Cyber Insurance Available for Small Biz, Contractors (darkreading.com)

Supply Chain and Third Parties

• Gartner Survey Finds 45% of Organisations Experienced Third Party-Related Business Interruptions During the Past Two Years

• UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)

• Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)

Cloud/SaaS

• Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)

• SAP's attempt to migrate security tools to cloud failed • The Register

• Cloud engineer wreaks havoc on bank's network after firing • The Register

Linux and Open Source

• Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• 81% of companies had malware, phishing and password attacks in 2023 | Security Magazine

• Almost 90 percent say they're prepared for password-based attacks -- but half still fall for them (betanews.com)

• Android barcode scanner app exposes user passwords (securityaffairs.com)

• Six of the most popular Android password managers are leaking data | ZDNET

• Many popular websites still cling to password creation policies from 1985 - Help Net Security

Social Media

• How a social engineering hack turned these Facebook pages into a dumping ground for spam (engadget.com)

Regulations, Fines and Legislation

• Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)

• ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)

• How European countries are implementing new cyber security framework – EURACTIV.com

• Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com

• Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week

• FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure  - Security Week

• The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online

• SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch

• Government plans to regulate to tackle datacentre threats | Computer Weekly

• eIDAS: EU’s internet reforms will undermine a decade of advances in online security - Help Net Security

Models, Frameworks and Standards

• MITRE Launches Critical Infrastructure Threat Model Framework - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• UK IT staff working nearly as much overtime as law enforcement | ITPro

• Getting Into Cyber Security: A Guide for IT Security Careers | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Law Enforcement Action and Take Downs

• Cloud engineer wreaks havoc on bank's network after firing • The Register

• Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)

• Microsoft goes after a cyber criminal group that sold millions of fraudulent accounts online - Neowin

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• International justice – France offers support to the International Criminal Court to step up cyber security (12 Dec. 2023) - Ministry for Europe and Foreign Affairs (diplomatie.gouv.fr)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Nation State Actors

• What CISOs Need to Know About Nation State Actors (informationweek.com)

China

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• China's Cyber Attacks Target US Infrastructure In Preparation For Potential Conflict: Report - Benzinga

• Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)

• China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post

• CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop

• Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet  - Security Week

• Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar

• China warns its geographic data breach puts industry at risk (techinformed.com)

Russia

• Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)

• Ukraine’s Largest Phone Operator Hacked in “Act of War” - Infosecurity Magazine (infosecurity-magazine.com)

• 24 million Kyivstar users urged to change all passwords due to cyber attack / The New Voice of Ukraine (nv.ua)

• Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)

• Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)

• Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter - Infosecurity Magazine (infosecurity-magazine.com)

• UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)

• Cyber criminals hit businesses with skills once limited to Chinese, Russian government hackers - Washington Times

• Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)

• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

• Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)

• NCSC warning on Russian targeting | Professional Security

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation

• MI6 chief thanks Russian state television for its 'help' in encouraging Russians to spy for the UK | AP News

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• User activity showed greater increase in traffic on 3G network compared to 4G (LTE) network / The New Voice of Ukraine (nv.ua)

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Russian banker of Hive ransomware network arrested in Paris (databreaches.net)

Iran

• Another Cyber Attack on Critical Infrastructure and the Outlook on Cyberwarfare (informationweek.com)

• Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)

• Iranian Parliament Approves Information Security Deal With Russia | Iran International (iranintl.com)

• Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)

North Korea

• Stronger action against North Korean cyber threats pushed by US, South Korea, Japan | SC Media (scmagazine.com)

• Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA - Infosecurity Magazine (infosecurity-magazine.com)

• Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)

• Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register

• Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)

• Cyber Attack Disrupts TV Services Across UAE, AI Anchor Broadcasts Graphic Content from Gaza | Metaverse Post (mpost.io)

Vulnerability Management

• Vulnerabilities Now Top Initial Access Route For Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Over 30% of Log4J apps use a vulnerable version of the library (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

Vulnerabilities

• Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)

• New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)

• SAP Security Patch Day December 2023 | SAP Blogs

• Adobe Releases Security Updates for Multiple Products | CISA

• Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week

• 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)

• '5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week

• Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)

• Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)

• One in four apps remain exposed to Log4Shell • The Register

• Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)

Tools and Controls

• Attacks abuse Microsoft DHCP to spoof DNS records • The Register

• Balancing AI advantages and risks in cyber security strategies - Help Net Security

• What is Cyber security threat intelligence sharing (att.com)

• The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)

• Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)

• Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)

• Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur

• Are business cyber security measures really fit for purpose? - Digital Journal

• New Microsoft Incident Response team guide shares best practices for security teams and leaders | Microsoft Security Blog

• Which cyber security controls are organisations struggling with? - Help Net Security

Other News

• UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Sellafield nuclear plant: I pray fears of a leak at the site are being taken seriously | The Independent

• Is macOS as secure as its users think? | Kaspersky official blog

• The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)

• Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)

• My home, my castle: Only 1 in 6 Brits are concerned about cyberthreats at home – PCR (pcr-online.biz)

• NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly

• Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)

• Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)

• This is how to protect your computers from LogoFAIL attacks | ZDNET

• Polish train maker denies claims it geofenced trains • The Register

• Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)

• Cyber criminals continue targeting open remote access products - Help Net Security

• Threat actors misuse OAuth applications to automate financially driven attacks | Microsoft Security Blog

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Now Ranks As UK’s Top Cyber Security Danger

Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.

https://www.pymnts.com/news/security-and-risk/2021/ransomware-now-ranks-as-uks-top-cybersecurity-danger/

54% of all employees reuse passwords across multiple work accounts

Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.

According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.

42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.

A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.

https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/

VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”

https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/

Most Firms Face Second Ransomware Attack After Paying Off First

Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.

https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/

Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO

U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.

https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html

Business Leaders Now Feel More Vulnerable To Cyber Attacks

Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).

https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/

Ransomware Gang Turns To Revenge Porn

At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.

https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images

Bank Of America Spends Over $1 Billion Per Year On Cyber Security

Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”

https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html

Bad Cyber Security Behaviours Plaguing The Remote Workforce

According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.

https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/

Threats

Ransomware

• Why Backups Are Not The Panacea For Recovery From A Ransomware Attack

• Microsoft Systems Targeted By 'Black Kingdom' Ransomware

• Takeaways From The Colonial Pipeline Ransomware Attack

• Police Bust Major Ransomware Gang Cl0p

• Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority

• Paradise Ransomware Source Code Released On A Hacking Forum

• Experts Shed Light On Distinctive Tactics Used By Hades Ransomware

• How Remote Work Opened The Floodgates To Ransomware

• The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor

• Ransomware Attackers Are Leveraging Old SonicWall SRA Flaw

BEC

• Microsoft Takes Down Large‑Scale BEC Operation

• Behind The Scenes Of Business Email Compromise: Using Cross-Domain Threat Data To Disrupt A Large BEC Campaign

• Microsoft: Scammers Bypass Office 365 MFA In BEC Attacks

Phishing

• Threat Actors Use Google Docs To Host Phishing Attacks

Malware

• Malicious PDFs Flood the Web, Lead To Password-Snarfing

• Alarming Malware Discovery Reveals 1.2 TB Data Theft From Millions Of Windows PCs

Vulnerabilities

• Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild

• Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files

• McAfee Finds Security Vulnerability In Peloton Products

• Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched

Data Breaches

• UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack

• Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers

• Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems

• Mensa Data Spillage Was Due to 'Unauthorised Internal Download'

• Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers

Organised Crime & Criminal Actors

• Police Grab Slilpp, Biggest Stolen-Logins Market

Cryptocurrency

• Criminals Are Mailing Altered Ledger Devices To Steal Crypto Currency

Supply Chain

• NoxPlayer Supply-Chain Attack Is Likely The Work Of Gelsemium Hackers

OT, ICS, IIoT and SCADA

• Utilities ‘Concerningly’ At Risk from Active Exploits

Nation State Actors

• Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks

• Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought

Denial of Service

• 100% Increase In Daily DDoS Traffic In 2020 As Potential Grows For 10 TBPS Attack

Cloud

• Unsecured Servers And Cloud Services: How Remote Work Has Increased The Attack Surface That Hackers Can Target

• Complexity Is The Biggest Threat To Cloud Success And Security

Privacy

• Amazon To Let Customers Sue After Thousands Of Alexa Complaints

Other News

• Airline And Bank Websites Go Down In Another Major Internet Failure

• Corporate Attack Surfaces Growing Concurrently With A Dispersed Workforce

• This Secretive Firm Has Powerful New Hacking Tools

• Vigilante Malware Rats Out Software Pirates While Blocking The Pirate Bay

• Fallout Of EA Source Code Breach Could Be Severe, Cyber Security Experts Say

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.