Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 12 April 2024
Black Arrow Cyber Threat Intelligence Briefing 12 April 2024:
-UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
-The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
-UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
-74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions; Egress Reveals
-Why Are Many Businesses Turning to Third-Party Security Partners?
-60% of SMBs and 74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
-Cyber Attacks Cost Financial Firms $12bn Says IMF
-LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
-Most Cyber Criminal Threats are Concentrated in Just a Few Countries
-Why Incident Response is the Best Cyber Security ROI
-Ransomware Attacks are the Canaries in the Cyber Coal Mine
-Cyber Security is Crucial, but What is Risk and How do You Assess it?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.
It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.
Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]
Cyber Attacks Cost Financial Firms $12bn Says IMF
A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.
The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.
Source: [Finextra]
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.
Source: [Inc.com]
UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.
Source: [The Record Media]
74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions
The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.
The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.
Source: [The Fintech Times]
Why Are Many Businesses Turning to Third-Party Security Partners?
In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.
Source: [Help Net Security]
74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.
Sources: [Malwcv arebytes][Marketplace] [US Chamber]
LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.
Source: [Bleepingcomputer]
Most Cyber Criminal Threats are Concentrated in Just a Few Countries
Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.
Sources: [ThisisOxfordshire] [Phys Org]
Why Incident Response is the Best Cyber Security ROI
The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CSO Online]
Ransomware Attacks are the Canaries in the Cyber Coal Mine
A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.
Sources: [Silicon Republic] [The Hill]
Cyber Security is Crucial, but What is Risk and How do You Assess it?
Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?
One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.
Sources: [Security Boulevard] [International Banker]
Governance, Risk and Compliance
Cyber attacks cost financial firms $12bn says IMF (finextra.com)
UK business falling short on cybersecurity warns government report (computing.co.uk)
60% of small businesses are concerned about cyber security threats | Malwarebytes
Cyber attacks on small businesses are on the rise - Marketplace
What is cyber security risk & how to assess - Security Boulevard
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)
Why are many businesses turning to third-party security partners? - Help Net Security
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Why incident response is the best cyber security ROI | CSO Online
Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra
Large businesses struggle to tackle cyber threats (betanews.com)
Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)
The state of secrets security: 7 action items for better managing risk - Security Boulevard
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Why cyberpsychology is such an important part of effective cyber security | CSO Online
Cyber Security in the Evolving Threat Landscape (securityaffairs.com)
How CISOs can make themselves ready to serve on the board | CSO Online
CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surged 110pc last month, report claims (siliconrepublic.com)
Ransomware attacks are the canaries in the cyber coal mine | The Hill
Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)
Ransomware group maturity should influence ransom payment decision - Help Net Security
Proactive and Reactive Ransomware Protection Strategies - Security Boulevard
How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security
CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)
LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)
Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)
Ransomware Victims
Second ransomware gang says it’s extorting Change Healthcare • The Register
Targus says it is facing major cyber attack, global operations hit | TechRadar
Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)
Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
How malicious email campaigns continue to slip through the cracks - Help Net Security
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)
Phishing Detection and Response: What You Need to Know - Security Boulevard
Other Social Engineering
Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
Artificial Intelligence
China is using generative AI to carry out influence operations (securityaffairs.com)
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
AI risks under the auditor's lens more than ever - Help Net Security
Speed of AI development is outpacing risk assessment | Ars Technica
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)
2FA/MFA
Malware
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)
ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Mobile
Denial of Service/DoS/DDOS
How Nation-State DDoS Attacks Impact Us All (darkreading.com)
DDoS Protection Needs Detective and Preventive Controls (darkreading.com)
French cities knocked offline by 'large-scale cyber attack' • The Register
Internet of Things – IoT
Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News
Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)
EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
Hotel check-in terminal leaks rafts of guests' room codes • The Register
Data Breaches/Leaks
Many of the world's biggest companies reported data breaches last year | TechRadar
US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
37% of publicly shared files expose personal information - Help Net Security
Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)
Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)
AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Taxi software vendor exposes personal details of nearly 300K • The Register
Employee credentials leaked in Microsoft security lapse (techmonitor.ai)
Organised Crime & Criminal Actors
Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Cyber crooks poison GitHub search to fool developers | Computer Weekly
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Insider Risk and Insider Threats
Microsoft employees exposed internal passwords in security lapse | TechCrunch
Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard
Insurance
US insurers using drones to deny home insurance policies • The Register
Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard
Supply Chain and Third Parties
Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Encryption
Linux and Open Source
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com
Supply chain attack sends shockwaves through open-source community | CyberScoop
German state ditches Microsoft for Linux and LibreOffice | ZDNET
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)
Passwords, Credential Stuffing & Brute Force Attacks
Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)
Microsoft employees exposed internal passwords in security lapse | TechCrunch
CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)
Social Media
Regulations, Fines and Legislation
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)
CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Models, Frameworks and Standards
HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra
Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED
China is using generative AI to carry out influence operations (securityaffairs.com)
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)
Russia
Germany to launch cyber military branch to combat Russian threats (therecord.media)
US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch
Macron: Russia will target Paris Olympics (insidethegames.biz)
Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times
Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)
Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)
Vulnerability Management
Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard
How exposure management elevates cyber resilience - Help Net Security
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
Vulnerabilities
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)
Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products - Security Week
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Security Week
Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers - Security Week
Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)
New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)
Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)
Microsoft fixes five security vulnerabilities in Edge 123 - Neowin
Cisco Warns of Vulnerability in Discontinued Small Business Routers - Security Week
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)
Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)
Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Fortinet Patches Critical RCE Vulnerability in FortiClientLinux - Security Week
Researchers Resurrect Spectre v2 Attack Against Intel CPUs - Security Week
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)
Tools and Controls
Seven ways to be sure you can restore from backup | Computer Weekly
Why incident response is the best cyber security ROI | CSO Online
Improving Dark Web Investigations with Threat Intelligence | Recorded Future
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
What is cyber security risk & how to assess - Security Boulevard
Your Guide to Threat Detection and Response - Security Boulevard
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
How exposure management elevates cyber resilience - Help Net Security
Phishing Detection and Response: What You Need to Know - Security Boulevard
The state of secrets security: 7 action items for better managing risk - Security Boulevard
How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)
How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security
Reports Published in the Last Week
Other News
Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)
OODA Loop - The Water Sector Is Being Threatened. That Should Worry Everyone
France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget
The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
Financial sector cyber security at the helm of investor protection | Mint (livemint.com)
US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)
Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)
Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld
Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 March 2022
Black Arrow Cyber Threat Briefing 25 March 2022:
-Morgan Stanley Client Accounts Breached in Social Engineering Attacks
-Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
-Phishing Kits Constantly Evolve to Evade Security Software
-Ransomware Payments, Demands Rose Dramatically in 2021
-7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in UK
-Here's How Fast Ransomware Encrypts Files
-HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
-The Cyber Warfare Predicted In Ukraine May Be Yet To Come
-The Three Russian Cyber Attacks The West Most Fears
-Do These 8 Things Now To Boost Your Security Ahead Of Potential Russian Cyber Attacks
-Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
-Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Morgan Stanley Client Accounts Breached in Social Engineering Attacks
Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.
The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.
The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.
After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.
Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).
The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.
Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.
BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.
Phishing Kits Constantly Evolve to Evade Security Software
Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.
Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.
Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.
Ransomware Payment Demands Rose Dramatically in 2021
Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.
IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.
Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."
Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.
https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021
7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.
"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."
The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.
https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html
Here's How Fast Ransomware Encrypts Files
Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.
The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.
Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.
https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files
HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.
This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).
As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.
https://www.helpnetsecurity.com/2022/03/22/web-security-threats/
The Cyber Warfare Predicted in Ukraine May Be Yet to Come
In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.
The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.
https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca
The Three Russian Cyber Attacks the West Most Fears
The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.
Russia has previously stated that such accusations are "Russophobic".
However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.
Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.
"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.
This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.
https://www.bbc.co.uk/news/technology-60841924
Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks
The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:
The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
Back up your data and ensure you have offline backups beyond the reach of malicious actors
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
Encrypt your data so it cannot be used if it is stolen
Educate your employees to common tactics that attackers will use over email or through websites
Work with specialists to establish relationships in advance of any cyber incidents.
Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.
IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.
BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.
"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.
Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.
“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.
“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”
Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.
Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.
https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/
Threats
Ransomware
Ransomware Infections Follow Precursor Malware – Lumu • The Register
Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com
AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)
What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)
Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)
Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)
Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register
Talos warns of BlackMatter-linked BlackCat Ransomware • The Register
Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat
Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)
Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)
Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)
Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop
Phishing & Email
New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost
'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)
Other Social Engineering
Malware
Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)
BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)
Mobile
URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)
Downloaders Currently the Most Prevalent Android Malware (darkreading.com)
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)
Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)
IoT
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)
Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register
Data Breaches/Leaks
UK MoD's Capita-Run Recruitment Portal Support Offline • The Register
Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)
Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters
Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)
Global Regulators Monitor Crypto Use in Ukraine War | Reuters
Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)
Insider Risk and Insider Threats
6 Types Of Insider Threats And How To Prevent Them (techtarget.com)
HP Staffer Blew $5m On Personal Expenses With Company Card • The Register
Fraud, Scams & Financial Crime
Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security
NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)
DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt
Insurance
Dark Web
Supply Chain
Cloud
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online
Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)
Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs
President Biden Says Russia Exploring Revenge Cyber Attacks • The Register
Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics
Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert
Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)
Anonymous Targets Western Companies Still Active in Russia - Security Affairs
Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs
NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)
Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News
Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs
Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet
Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register
Nation State Actors – China
Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost
Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet
Nation State Actors – North Korea
Vulnerabilities
CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)
Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs
Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)
VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register
Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)
Sector Specific
Health/Medical/Pharma Sector
Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News
Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com
Retail/eCommerce
Transport and Aviation
Energy & Utilities
Education and Academia
Reports Published in the Last Week
Other News
A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)
The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com
Soldiers told to use Signal instead of WhatsApp for security | The Times
Cyber Security Compliance: Start With Proven Best Practices - Help Net Security
Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat
Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop
The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)
ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine
Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.