Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 6 October 2023
Black Arrow Cyber Threat Intelligence Briefing 06 October 2023:
-Many Cyber Attacks Begin by Breaking Human Trust
-BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
-SME Cyber Security Knowledge Gap Widens
-UK Security Budgets Under Strain as Cyber Incidents Soar
-Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
-FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
-Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
-Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
-Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
-Evolving Conversations: Cyber Security as a Business Risk
-Threats in Cloud Top the List of Executive Cyber Concerns
-Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Many Cyber Attacks Begin by Breaking Human Trust
One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.
One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.
Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.
Sources: [GovTech] [Bloomberg] [Security Week]
BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.
Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.
Source: [The Register]
SME Cyber Security Knowledge Gap Widens
Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium-sized enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.
Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.
Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.
Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]
UK Security Budgets Under Strain as Cyber Incidents Soar
A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.
The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Sources: [Silicon] [Verdict] [CSO Online]
Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to be effective, and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.
Source: [EY]
FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.
Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]
Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.
The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.
Sources: [Techradar] [Beta News] [HelpNet Security]
Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.
Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.
Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine]
Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.
Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Global Reinsurance]
Evolving Conversations: Cyber Security as a Business Risk
According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.
By including CISOs or virtual CISOs (vCISOs) in board processes, the board can better understand the cyber implications of decisions; after all, you wouldn’t make a board-level financial decision without involving the CFO.
Source: [HelpNet Security]
Threats in Cloud Top the List of Executive Cyber Concerns
A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.
The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CIO Dive]
Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.
The use of chatbots or large language models has lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliably or don’t work at all in 71.4% of cases.
Source: [Silicon Angle]
Governance, Risk and Compliance
Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)
Poor cyber security habits are common among younger employees - Help Net Security
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
People Still Matter in Cyber security Management (darkreading.com)
UK businesses face tightening cyber security budgets as incidents spike | CSO Online
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)
Evolving conversations: Cyber security as a business risk - Help Net Security
Cyber security preparedness pays big dividends for businesses - Help Net Security
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN
Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global
CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)
High-business-impact outages are incredibly expensive - Help Net Security
78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)
Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News
How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News
Threats
Ransomware, Extortion and Destructive Attacks
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)
Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)
Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)
Why the public sector is an easy target for ransomware | TechCrunch
Banks beware: Why one ransomware victim decided to pay up | American Banker
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
Feds hopelessly behind the times on ransomware trends • The Register
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
Ransomware reinfections on the rise from improper remediation (malwarebytes.com)
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)
Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)
Ransomware disrupts hospitality, healthcare in September | TechTarget
Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs
Lorenz ransomware embroiled in its own two-year data leak • The Register
Ransomware Victims
LockBit crime spree includes FDF and UK law firm (techmonitor.ai)
Motel One discloses data breach following ransomware attack (bleepingcomputer.com)
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ
Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)
South African insurance clients hit in massive global cyber attack (mybroadband.co.za)
Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)
Phishing & Email Based Attacks
Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Will generative AI really supercharge phishing attacks? - Tech Monitor
Other Social Engineering; Smishing, Vishing, etc
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg
Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
USPS Anchors Snowballing Smishing Campaigns (darkreading.com)
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com
Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security
The top AI cyber crime threats and solutions | Inquirer Technology
Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
LLMs lower the barrier for entry into cyber crime - Help Net Security
Will generative AI really supercharge phishing attacks? - Tech Monitor
Are we doomed to make the same security mistakes with AI? (securityintelligence.com)
AI facial recognition: Campaigners and MPs call for ban - BBC News
Malware
Hackers are spreading malware through Indeed job messages | Digital Trends
Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
North Korea's Lazarus Group upgrades its main malware • The Register
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)
Mobile
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Are executives adequately guarding their gadgets? - Help Net Security
Botnets
Denial of Service/DoS/DDOS
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)
Royal Family's official website targeted in cyber attack | UK News | Sky News
Global events fuel DDoS attack campaigns - Help Net Security
BYOD
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Are executives adequately guarding their gadgets? - Help Net Security
Internet of Things – IoT
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security
FDA cyber mandates for medical devices goes into effect | CyberScoop
Data Breaches/Leaks
European Telecommunications Standards Institute Discloses Data Breach - Security Week
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)
DNA testing service 23andMe investigating theft of user data | CyberScoop
Organised Crime & Criminal Actors
Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)
People Still Matter in Cyber security Management (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
The crypto market bears the scars of FTX's collapse | Reuters
Insider Risk and Insider Threats
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar
Younger employees more likely to have unsafe cyber security habits (betanews.com)
Addressing the People Problem in Cyber security - Security Week
Fraud, Scams & Financial Crime
Online fraud can cost you more than money - Help Net Security
The crypto market bears the scars of FTX's collapse | Reuters
How to deal with your brand's doppelgangers | Kaspersky official blog
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)
Impersonation Attacks
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
AML/CFT/Sanctions
Insurance
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Software firms under cyber attack | Microscope (computerweekly.com)
Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
Cloud/SaaS
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)
Hybrid/Remote Working
Encryption
API
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
AI facial recognition: Campaigners and MPs call for ban - BBC News
The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE
Social Media
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger
Malvertising
Training, Education and Awareness
Addressing the People Problem in Cyber security - Security Week
How to Improve Cyber security Awareness and Training (trendmicro.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly
Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Models, Frameworks and Standards
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)
Careers, Working in Cyber and Information Security
UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online
Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post
Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews
Soft skills continue to challenge the cyber security sector - Help Net Security
Law Enforcement Action and Take Downs
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
UK student found guilty of 3D printing 'kamikaze' drone • The Register
Privacy, Surveillance and Mass Monitoring
Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro
AI facial recognition: Campaigners and MPs call for ban - BBC News
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State, Cyber Warfare and Cyber Espionage
Espionage fuels global cyber attacks - Microsoft On the Issues
Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly
The sixth domain: The role of the private sector in warfare - Atlantic Council
How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)
Russia
Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities
Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)
Russia-Ukraine war: Cyber space is the latest frontline | Semafor
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)
China
Iran
North Korea
North Korea's Lazarus Group upgrades its main malware • The Register
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
North Korea goes phishing in South’s shipyards • The Register
Vulnerability Management
Vulnerabilities
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA
Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)
Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica
Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)
Mass exploitation attempts against WS_FTP have begun • The Register
Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)
Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)
Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch
Companies Address Impact of Exploited Libwebp Vulnerability - Security Week
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security
Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)
Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica
Tools and Controls
Does your security program suffer from piecemeal detection and response? (securityintelligence.com)
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
5 common browser attacks and how to prevent them | TechTarget
Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)
Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Is your threat protection giving you a false sense of cyber security? | The Independent
Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)
How to Improve Cyber security Awareness and Training (trendmicro.com)
Reports Published in the Last Week
Other News
Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)
The trust deficit in CNI: How to address a growing concern | Computer Weekly
10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN
Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)
10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)
NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)
Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live
Making Sense of Today's Payment Cyber security Landscape (darkreading.com)
GAO tears into State Department's cyber security management • The Register
First pan-European cyber analysis centre opens (airportsinternational.com)
Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online
Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 September 2023
Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:
-Ransomware Groups Are Shifting Their Focus Away From Larger Targets
-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
-Attacks on SMEs Surged in The First Half of 2023
-The CISO Carousel and Its Effect on Enterprise Cyber Security
-Bermuda Struggles to Recover from Ransomware Attack
-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations
-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
-Boards Still Lack Cyber Security Expertise
-4 Legal Surprises You May Encounter After a Cyber Security Incident
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Groups Are Shifting Their Focus Away from Larger Targets
Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.
Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations; however, one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.
Sources: [Techcentral] [Helpnet Security]
Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report them to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company liable to a fine of up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.
The lack of reporting also has a knock-on effect: a significant number of cyber attacks go unreported, which skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.
Sources: [Computer Weekly] [InfoSecurity Magazine]
Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches, rising from 6 to 246 in the same period, a concerningly large increase of 4,000%. These patterns are not only relevant to the UK, however, with separate reports highlighting a 119% increase in cyber attacks on the financial sector globally from 2022 to 2023.
Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.
Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]
Attacks on SMEs Surged in the First Half of 2023
According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the previous year. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and a real email.
An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools; however, they can strengthen their users’ security practices. Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.
Sources: [Inquirer] [HelpNet Security] [Insurance Times]
The CISO Carousel and Its Effect on Enterprise Cyber Security
The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 and 24 months; research highlights the reasons, including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.
In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.
Source: [Security Week]
Bermuda Struggles to Recover from Ransomware Attack
The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper-based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline as a precaution. It is believed that some other regional governments have also been impacted.
The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian-based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.
Sources: [Duo] [GovInfo Security] [Bleeping Computer]
Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), not having an incident response plan (50%), and not implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.
Cyber attacks are certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack, and 49% of these incidents occurring within the past year.
Source: [Reinsurance News]
Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpass 2,000 Organisations
According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.
Sources: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]
Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of a hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages tailored to victims.
With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.
Sources: [BleepingComputer] [Infosecurity Magazine]
Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences, while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall, 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.
AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.
Source: [Management Issues]
Boards Still Lack Cyber Security Expertise
A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Wall Street Journal]
4 Legal Surprises You May Encounter After a Cyber Security Incident
In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provider may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.
Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Governance, Risk and Compliance
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times
Business leaders most anxious about ransomware attacks (techinformed.com)
Cyber security incident response: Your company's ICU (channelweb.co.uk)
Cover-ups still the norm in the wake of a cyber incident | Computer Weekly
Many firms aren't reporting breaches to the proper authorities | TechRadar
Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)
CISOs are struggling to get cyber security budgets: Report | CSO Online
CISOs are spending more on cyber security - but it might not be enough | TechRadar
Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week
Financial crime compliance costs exceed $206 billion - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware soars as enterprises struggle to respond - Verdict
Ransomware groups are shifting their focus away from larger targets - Help Net Security
Business leaders most anxious about ransomware attacks (techinformed.com)
Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert
ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
Youth hacking ring at the center of cyber crime spree | CyberScoop
Current ransomware defence efforts are not working - Help Net Security
VMware users anxious about costs and ransomware threats - Help Net Security
MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)
Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)
Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times
Ransomware Victims
Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)
Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Youth hacking ring at the center of cyber crime spree | CyberScoop
MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com
UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)
Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)
Phishing & Email Based Attacks
This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar
New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)
BEC – Business Email Compromise
Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)
BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Google is working to keep Bard chats out of Search • The Register
New working group to probe AI risks and applications | CyberScoop
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
How should organisations navigate the risks and opportunities of AI? - Help Net Security
Malware
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
A powerful new malware backdoor is targeting governments across the world | TechRadar
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Mobile
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Botnets
Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
Asian banks are a favorite target of cyber crooks, and malicious bots their preferred tool | ZDNET
Denial of Service/DoS/DDOS
Internet of Things – IoT
If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Data Breaches/Leaks
UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine
Reported cyber security breaches increase threefold for financial services firms (cityam.com)
British charities warn supporters their personal data has been breached • Graham Cluley
Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)
National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)
BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)
Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online
Organised Crime & Criminal Actors
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Asian banks are a favourite target of cyber crooks, and malicious bots their preferred tool | ZDNET
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)
Insider Risk and Insider Threats
75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
Fraud, Scams & Financial Crime
Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)
Beware: fraud and smishing scams targeting students | Bournemouth University
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Fraud prevention forces scammers to up their game - Help Net Security
Why young people are more prone to online scams than boomers are (news5cleveland.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher warns of chilling effect after feds search phone at airport | TechCrunch
AML/CFT/Sanctions
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Financial crime compliance costs exceed $206 billion - Help Net Security
Insurance
Dark Web
Supply Chain and Third Parties
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
3 phases of the third-party risk management lifecycle | TechTarget
Cloud/SaaS
Containers
Encryption
The UK just passed an online safety law that could make people less safe (theconversation.com)
Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt
Open Source
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)
Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)
Biometrics
Social Media
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
X scraps tool to report electoral fake news - researchers - BBC News
Malvertising
Training, Education and Awareness
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
The UK just passed an online safety law that could make people less safe (theconversation.com)
Are we about to lose the last pillar of our digital security? | Euronews
New working group to probe AI risks and applications | CyberScoop
Why California's Delete Act matters for the whole country - Help Net Security
Financial crime compliance costs exceed $206 billion - Help Net Security
Models, Frameworks and Standards
Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)
Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week
Careers, Working in Cyber and Information Security
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Demand for cyber security staff trebled since 2019 | Business Post
Cyber security and staffing issues key risks for companies | Accountancy Daily
Cyber security skills employers are desperate to find in 2023 - Help Net Security
Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)
Russian hacking operations target Ukrainian law enforcement | CyberScoop
Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)
Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)
Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News
Examining the Activities of the Turla APT Group (trendmicro.com)
Scottish Tory MSP has website hacked by 'hostile Russian group' | The National
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times
China
Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week
China’s national security minister lists top digital threats • The Register
Misc Nation State/Cyber Warfare
Vulnerability Management
Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)
Vulnerabilities
Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)
Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week
Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
Firefox 118 Patches High-Severity Vulnerabilities - Security Week
Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Tools and Controls
Cyber security incident response: Your company's ICU (channelweb.co.uk)
CISOs are spending more on cyber security - but it might not be enough | TechRadar
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld
What Is a Network Security Assessment and Why You Need It | MSSP Alert
Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)
The pitfalls of neglecting security ownership at the design stage - Help Net Security
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek
Cyber security budgets show moderate growth - Help Net Security
Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra
Other News
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET
Why aviation needs to prioritise cyber security – Airport World (airport-world.com)
Are Fire Departments Prepared for a Cyber Attack? | HackerNoon
Fintechs must brace for rising cyber security challenges | Mint (livemint.com)
Space Force chief says commercial satellites may need defending | Ars Technica
UK Cyber Security Council CEO reflects on a year of progress | CSO Online
Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)
Cyber Hygiene: A First Line of Defence Against Evolving Cyber Attacks (darkreading.com)
Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)
KnowBe4 Finds US Healthcare a Top Target For Cyber Attacks (prnewswire.com)
US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3