Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 26 April 2024
Black Arrow Cyber Threat Intelligence Briefing 26 April 2024:
-Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
-Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
-Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
-Ransomware Double-Dip - Re-Victimisation in Cyber Extortion
-AI is a Major Threat and Many Financial Organisations Are Not Doing Enough to Fight the Threat
-6 out of 10 Businesses Struggle to Manage Cyber Risk
-'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
-Penetration Testing Infrequency Leaves Security Gaps
-Bank Prohibited from Opening New Accounts After Regulators Lose Patience With Poor Cyber Security Governance
-The Psychological Impact of Phishing Attacks on Your Employees
-Where Hackers Find Your Weak Spots
-The Role of Threat Intelligence in Financial Data Protection
-Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox
The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.
Sources: [IT Security Guru] [Emerging Risks]
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery
The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.
According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.
Sources: [The Hacker News] [Huntress] [SC Media]
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy
Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.
Source: [Forbes]
Ransomware Double-Dip: Re-Victimisation in Cyber Extortion
A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.
Sources: [Security Magazine] [The Hacker News] [SC Media]
AI is a Major Threat and Many Financial Organisations Are Not Doing Enough
Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.
Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.
Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]
6 out of 10 Businesses Struggle to Manage Cyber Risk
A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.
Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.
Sources: [PR Newswire] [Beta News]
'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs
Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.
Source: [Security Brief] [Tripwire]
Penetration Testing Infrequency Leaves Security Gaps
Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.
The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.
Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.
Source: [MSSP Alert]
Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance
A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.
Source: [The Register]
The Psychological Impact of Phishing Attacks on Your Employees
Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.
Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.
Source: [Beta News]
Where Hackers Find Your Weak Spots
A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.
Source: [Dark Reading]
The Role of Threat Intelligence in Financial Data Protection
The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.
Source: [Security Boulevard]
Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say
According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.
Source: [TechRadar] [Security Magazine]
Governance, Risk and Compliance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Six out of 10 businesses struggle to manage cyber risk (betanews.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress
Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)
Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar
Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur
Bank banned from opening new accounts over IT risks • The Register
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com
73% of SME security pros missed or ignored critical alerts - Help Net Security
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
4 steps CISOs can take to raise trust in their business | TechTarget
NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)
Uncertainty is the most common driver of noncompliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine
Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)
'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)
Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget
Behavioural patterns of ransomware groups are changing - Help Net Security
Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)
Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)
Hackers use developing countries as testing ground for new ransomware attacks (ft.com)
Ransomware Still On Rise Despite Better Defences, Firm Says - Law360
Hackers are using developing countries for ransomware practice | Ars Technica
Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)
Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)
Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra
Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)
Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities | CISA
Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)
Ransomware Victims
Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)
UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert
UnitedHealth admits breach could affect large chunk of US • The Register
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)
UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert
UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)
Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week
Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)
Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)
Authentication failure blamed for Change Healthcare ransomware attack | CSO Online
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Carpetright unable to trade after cyber attack - Retail Gazette
Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)
Phishing & Email Based Attacks
The psychological impact of phishing attacks on your employees (betanews.com)
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)
BEC
Other Social Engineering
LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)
Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert
Artificial Intelligence
AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra
AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)
CSOs say AI is 'biggest cyber threat' to organisations | TechRadar
Man arrested for 'framing colleague' with AI-generated voice • The Register
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)
People doubt their own ability to spot AI-generated deepfakes - Help Net Security
A National Security Insider Does the Math on the Dangers of AI | WIRED
40% of organisations have AI policies for critical infrastructure | Security Magazine
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
25 cyber security AI stats you should know - Help Net Security
Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard
6 security items that should be in every AI acceptable use policy | CSO Online
'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence
The use of AI in war games could change military strategy (theconversation.com)
2FA/MFA
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Malware
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)
Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Antivirus updates hijacked to drop dangerous malware | TechRadar
Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica
Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)
Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Mobile
Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
iPhone password reset attacks are real – how to protect yourself | Mashable
New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)
Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET
Data Breaches/Leaks
5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)
Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News
AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)
App bug exposes 1M neighbourhood watchers to data harvesters • The Register
Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)
Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)
Insider Risk and Insider Threats
Most people still rely on memory or pen and paper for password management - Help Net Security
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch
Insurance
Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)
Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)
Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget
Supply Chain and Third Parties
Battening down the hatches: Navigating third-party cyber threats | SC Media (scmagazine.com)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week
Cloud/SaaS
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Identity and Access Management
How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)
Identity-based security threats are growing rapidly: report | CSO Online
Encryption
Europol asks tech firms, governments to get rid of E2EE • The Register
How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)
Australian authorities call for Big Tech help with decryption • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Most people still rely on memory or pen and paper for password management - Help Net Security
New Password Cracking Analysis Targets Bcrypt - Security Week
Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)
Social Media
Dutch govt body: Don't use Facebook if unsure about privacy • The Register
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra
Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)
Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)
A view from Brussels: To be sovereign, or not to be (iapp.org)
Cyber Security | UK Regulatory Outlook April 2024 - Lexology
Net neutrality has been restored in the US - Help Net Security
Models, Frameworks and Standards
Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)
Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard
Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard
Data Protection
Boost your data protection with insights from Dell's report - SiliconANGLE
A view from Brussels: To be sovereign, or not to be (iapp.org)
Careers, Working in Cyber and Information Security
Cyber staff priority as threats continue – report (emergingrisks.co.uk)
Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard
Addressing the cyber skills shortage: 5 key steps to take | CSO Online
Five Essential Steps To Land Your First Cyber Security Job (forbes.com)
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru
Law Enforcement Action and Take Downs
Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)
To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)
Man arrested for 'framing colleague' with AI-generated voice • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)
China
ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)
FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)
Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters
New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)
Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ads on .gov.uk websites raise eyebrows over privacy • The Register
Russia
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro
Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)
Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)
Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)
Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)
MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security
Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)
Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)
Iran
Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop
Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register
Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)
North Korea
Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)
Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert
Automated patch management: 9 best practices for success | TechTarget
Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack
GPT-4 can exploit real vulnerabilities by reading advisories • The Register
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Vulnerabilities
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)
Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)
'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)
Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)
MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)
GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)
Google Patches Critical Chrome Vulnerability - Security Week
Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)
Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)
GitHub vulnerability leaks sensitive security reports | TechTarget
New Password Cracking Analysis Targets Bcrypt - Security Week
Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)
Tools and Controls
Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)
Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert
The Role of Threat Intelligence in Financial Data Protection - Security Boulevard
Automated patch management: 9 best practices for success | TechTarget
Rethinking How You Work with Detection and Response Metrics (darkreading.com)
Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard
Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek
What is multi-factor authentication (MFA), and why is it important? - Help Net Security
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)
5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)
Explore CASB use cases before you decide to buy | TechTarget
SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek
Identity-based security threats are growing rapidly: report | CSO Online
Microsoft criticized for charging for security add-ons • The Register
5 insights from new Microsoft CNAPP guide | Microsoft Security Blog
The Peril of Badly Secured Network Edge Devices (inforisktoday.com)
VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)
The first steps of establishing your cloud security strategy - Help Net Security
40% of organizations have AI policies for critical infrastructure | Security Magazine
Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)
World´s most advanced cyber defence exercise kicks off in Tallinn
CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop
Reports Published in the Last Week
Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)
Boost your data protection with insights from Dell's report - SiliconANGLE
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Cyber Security in the UK - House of Commons Library (parliament.uk)
Other News
Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)
Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)
UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)
Internet cable at Cali airport cut in apparent sabotage • The Register
EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)
Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)
AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga
Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly
World´s most advanced cyber defence exercise kicks off in Tallinn
Why Cyber Security Is Key To Solving Global Crises (forbes.com)
Colleges spending more than ever on cyber security efforts (insidehighered.com)
Foreign states targeting UK universities, MI5 warns - BBC News
Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)
Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 March 2024
Black Arrow Cyber Threat Intelligence Briefing 22 March 2024:
-UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023
-1% of Users are Responsible for 88% of Data Loss Events
-Microsoft Report Says 87% of UK organisations are vulnerable to cyber attacks in the age of AI
-Cyber Naivety Leaves 4 out of 5 Businesses Wide Open and Only 1 in 5 Has a Plan
-Risk and Regulation: Preparing for the Era of Cyber Security Compliance
-Ransomware Attacks Jump 73% Within a Year
-The New CISO - Rethinking the Role
-90% of Attacks Involve Data or Credential Theft, SMBs Primary Target
-Chief Risk Officers Say Cyber Security is Most Pressing Risk
-Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats
-Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them
-Supply Chain Cyber Attacks Create Weak Spots, You Need to Prepare
-Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023
The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.
Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.
Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]
1% of Users are Responsible for 88% of Data Loss Events
New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.
With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.
Source: [Help Net Security]
Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI
New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.
Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]
Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan
Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.
A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.
Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]
Risk and Regulation: Preparing for the Era of Cyber Security Compliance
The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.
In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.
Sources: [Security Week] [Verdict]
Ransomware Attacks Jump 73% Within a Year
A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.
Source: [TechTarget]
The New CISO - Rethinking the Role
The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.
Source: [Dark Reading]
90% of Attacks Involve Data or Credential Theft, SMBs Primary Target
The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.
Source: [MSSP Alert]
Chief Risk Officers Say Cyber Security is Most Pressing Risk
In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.
Source: [Insurance Journal]
Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats
The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.
Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.
To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.
Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]
Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them
A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.
A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.
Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare
A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.
Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.
Sources: [Security Brief ] [Beta News]
Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History
In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.
Source: [Reinsurance News]
Governance, Risk and Compliance
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)
Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro
Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)
UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly
Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News
Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live
Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)
Using A Security Assessment As A Measuring Stick (forbes.com)
From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)
Secrets sprawl: Protecting your critical secrets - Help Net Security
Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)
Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)
Organisations under pressure to modernize their IT infrastructures - Help Net Security
Board-level buy-in: preparing cyber defences the right way | Computer Weekly
Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surges as compliance falters - Thales Group - Verdict
Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)
NCC Group: Ransomware attacks jump 73% in February | TechTarget
RaaS groups increasing efforts to recruit affiliates - Help Net Security
If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ
After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)
Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)
Government not facing up to CNI cyber risks, committee warns | Computer Weekly
6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard
STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)
Crypto scams more costly to US than ransomware, Feds say • The Register
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)
Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)
Ransomware Victims
VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine
UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com
Why UnitedHealth, Change Healthcare were targets of ransomware hackers
Criminal investigation into Leicester City Council cyber attack - BBC News
Yacht dealer to the celebs attack claimed by Rhysida gang • The Register
UK council eerily cagey about 'cyber incident' details • The Register
Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
Phishing & Email Based Attacks
Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar
Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro
Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)
Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)
IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)
A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)
Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)
How to defend against phishing as a service and phishing kits | TechTarget
Other Social Engineering
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)
Artificial Intelligence
87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)
UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly
In the rush to build AI apps, don't leave security behind • The Register
AI adoption by hackers pushed financial scams in 2023 | CSO Online
Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week
From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)
Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security
Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network
Malware
The most prevalent malware behaviours and techniques - Help Net Security
Malware stands out as the fastest-growing threat of 2024 - Help Net Security
Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)
New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)
From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)
A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)
Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)
Mobile
Denial of Service/DoS/DDOS
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
300,000 Systems Vulnerable to New Loop DoS Attack - Security Week
Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar
Internet of Things – IoT
Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)
Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)
Data Breaches/Leaks
1% of users are responsible for 88% of data loss events - Help Net Security
If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ
Secrets sprawl: Protecting your critical secrets - Help Net Security
Hackers steal personal data of 43 million French job seekers | ITPro
International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)
IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)
Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)
AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)
Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)
Misconfigured Firebase Instances Expose 125 Million User Records - Security Week
Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert
Serial data thief pleads guilty to cyber crime charges • The Register
Fake data breaches: Countering the damage - Help Net Security
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week
Organised Crime & Criminal Actors
RaaS groups increasing efforts to recruit affiliates - Help Net Security
IT helpdeskers increasingly targeted by cyber criminals • The Register
Serial data thief pleads guilty to cyber crime charges • The Register
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
Crypto scams more costly to US than ransomware, Feds say • The Register
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
Insider Risk and Insider Threats
1% of users are responsible for 88% of data loss events - Help Net Security
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
Why human risk management is key to data protection (betanews.com)
As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ
FE News | How to Protect Your Data With Cyber Security Training
China-based Canadian accused of stealing Tesla trade secret • The Register
Insurance
New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)
Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)
Supply Chain and Third Parties
Third-party breaches create network weak spots (betanews.com)
How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)
Cloud/SaaS
Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week
Identity and Access Management
Encryption
Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)
Future inevitability of quantum computers is a security problem today - Breaking Defence
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)
WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard
What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard
Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)
Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)
Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Social Media
Training, Education and Awareness
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ
FE News | How to Protect Your Data With Cyber Security Training
The Weakest Link: Securing The Human Element From Cyber Attack - Security Boulevard
Regulations, Fines and Legislation
Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga
3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)
AI Won't Solve Cyber Security's Retention Problem (darkreading.com)
Law Enforcement Action and Take Downs
Filipino police break up forced labour cyber operation • The Register
Court jails first person convicted of cyberflashing in England | Crime | The Guardian
Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)
After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)
Serial data thief pleads guilty to cyber crime charges • The Register
Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)
Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)
Nation State Actors
China
Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)
Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
“Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica
Chinese media exposes criminal smartphone farms • The Register
Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)
A look inside the Chinese cyber threat at the biggest ports in US
CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)
Russia
Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard
UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)
Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar
Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)
The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)
Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)
Russia’s Hybrid Warfare with the United States | Geopolitical Monitor
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
“Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica
The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor
Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)
I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)
Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.
Putin Sees Disastrous Start to Presidential Election (newsweek.com)
Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News
Iran
North Korea
North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says
North Korea's Kimsuky gang now exploiting Windows Help files • The Register
Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)
Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News
Vulnerability Management
NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)
No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)
Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network
Vulnerabilities
Exploitation activity increasing on Fortinet vulnerability | TechTarget
Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week
Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)
Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)
Another Microsoft vulnerability is being used to spread malware | TechRadar
Misconfigured Firebase Instances Expose 125 Million User Records - Security Week
The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
iOS 17.4.1 release includes bug fixes and security updates | Macworld
Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week
Tools and Controls
Using A Security Assessment As A Measuring Stick (forbes.com)
Mastering Physical Security In Information Security (informationsecuritybuzz.com)
Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)
How to choose the best cyber security vendor for your business | ITPro
Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard
Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)
6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard
From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)
Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)
Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)
95% of companies face API security problems - Help Net Security
Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK
Reports Published in the Last Week
Other News
At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
Government not facing up to CNI cyber risks, committee warns | Computer Weekly
UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard
Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)
Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)
Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security
Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post
How Can We Reduce Threats From the IABs Market? (darkreading.com)
UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)
Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine
Cyber security is an urgent priority for the museums sector - Museums Association
Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)
Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)
The Consequences for Schools and Students After a Cyber Attack - Security Boulevard
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.