Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]

Governance, Risk and Compliance

• Cyber Insecurity: Report Finds Majority of Enterprises Expect an Imminent Cyber Attack (prnewswire.com)

• Cyber Crime Costs Soar to $8 Trillion, Spotlighting the Critical Need for Cyber security Experts (globenewswire.com)

• Many cyber bosses just aren't confident in their company's defences | TechRadar

• SMBs seek help as cyber threats reach an all-time high - Help Net Security

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• The real impact of the cyber security poverty line on small organisations - Help Net Security

• Cyber security investments show mature business mindset, says IT expert | Insider Media

• Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud

• The best time to deal with cyber attacks is before they happen (thetimes.co.uk)

• ‘A matter of when not if’: Why is it crucial for businesses to protect themselves from cyber attacks? | Euronews

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Over 70% of firms hit by cyber attack in last 12 months (rte.ie)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• Getting ready for NIS2 with strong identity controls | ITPro

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• 10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News

• How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• The Need for a Cyber security-Centric Business Culture (darkreading.com)

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine

• Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)

• Keeping control in complex regulatory environments - Help Net Security

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• 7 risk mitigation strategies to protect business operations | TechTarget

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

• Regulations are still necessary to compel adoption of cyber security measures | ZDNET

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Ready For Cyber Readiness - Any Time Now (forbes.com)

• CISOs and board members are finding a common language - Help Net Security

• IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)

• When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)

• 18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Cyber Insecurity, AI and the Rise of the CISO | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)

• Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)

• Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)

• Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)

• CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)

• What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon

• Healthcare Sector Warned About New Ransomware Group NoEscape - Infosecurity Magazine (infosecurity-magazine.com)

• New trend in ransomware: Anonymity (betanews.com)

• 63% of organisations restore data after a ransomware attack | Security Magazine

• Hacker Group GhostSec Unveils New Generation Ransomware Implant - Infosecurity Magazine (infosecurity-magazine.com)

• Black Basta ransomware is out and about, again. (thecyberwire.com)

• Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• Scammers are targeting plastic surgery clinics with extortion scams | TechRadar

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Ransomware Victims

• Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)

• Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)

• KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV (databreaches.net)

Phishing & Email Based Attacks

• More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)

• Make sure that email from HR is legit - it could be another phishing scam | TechRadar

• Human resources emails remain top phishing targets - SiliconANGLE

• CISA, NSA, FBI publish phishing guidance | TechTarget

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing: What’s in a Name? | CISA

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

Artificial Intelligence

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• AI Adoption Surges But Security Awareness Lags Behind - Infosecurity Magazine (infosecurity-magazine.com)

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)

• AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Research: GPT-4 Jailbreak Easily Defeats Safety Guardrails

• Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

2FA/MFA

• Google Authenticator synchronization raises MFA concerns | TechTarget

Malware

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• Valve upgrades Steam's security after several games are hacked and filled with malware | Rock Paper Shotgun

• DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)

• Researchers warn of increased malware delivery via fake browser updates - Help Net Security

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Beware - that Google Chrome update alert might actually just be malware | TechRadar

Mobile

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)

• The top 9 mobile security threats and how you can avoid them | ZDNET

• Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld

• Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS Attacks in 2024: Distributed DoS Explained | Splunk

Internet of Things – IoT

• Inadequate IoT protection can be a costly mistake - Help Net Security

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Logistics Matters - Alert: How hackers use printers to gain access

• Microsoft HoloLens for the military: Hacker attacks on VR headset may cause physical pain - NotebookCheck.net News

Data Breaches/Leaks

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)

• 530K people's info stolen from cloud PC gaming's Shadow • The Register

• Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) (databreaches.net)

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

• Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News

• 23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

• Care provider under fire over response to cyber attack (thetimes.co.uk)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• ServiceNow leak: thousands of companies at risk | Cybernews

Organised Crime & Criminal Actors

• Cyber attacks -- where they come from and the tactics they use (betanews.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

Insider Risk and Insider Threats

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• Employees leaving businesses open to cyber attack – QBE research - CIR Magazine

• Why disaffected employees are your greatest cyber security risk | Federal News Network

• Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)

Insurance

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

Supply Chain and Third Parties

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Why fourth-party risk management is a must-have | TechTarget

Identity and Access Management

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

Encryption

• Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication (thehackernews.com)

Linux and Open Source

• Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Report Finds Few Open Source Projects are Actively Maintained - Slashdot

Passwords, Credential Stuffing & Brute Force Attacks

• IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru

• Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)

• 39% of individuals use the same password for multiple accounts | Security Magazine

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

• Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)

• A worrying amount of corporate IDs still aren't properly protected | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

Malvertising

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Guide to detecting and disrupting fake ads | Netcraft

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)

Training, Education and Awareness

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)

• SEC stepping up cyber security efforts | Inquirer Business

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)

• Keeping control in complex regulatory environments - Help Net Security

• UN cyber crime treaty: A menace in the making – EURACTIV.com

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

Models, Frameworks and Standards

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

Backup and Recovery

• Principles for ransomware-resistant cloud backups - NCSC.GOV.UK

• 63% of organisations restore data after a ransomware attack | Security Magazine

Data Protection

• Care provider under fire over response to cyber attack (thetimes.co.uk)

Careers, Working in Cyber and Information Security

• Over half of cyber security pros say they want to switch jobs (betanews.com)

• Compelling Reasons Why You Should Study Cyber Security - Minutehack

• Your guide to landing a job in cyber security (fastcompany.com)

• New Cyber security Salary Report Guides Hiring in an $8 Trillion Cyber Crime Landscape (prnewswire.com)

• One in five CISOs miss out on pay raise - Help Net Security

Law Enforcement Action and Take Downs

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

• ‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes issues five tips on thwarting nation state threats | Computer Weekly

• APT trends report Q3 2023 | Securelist

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• The evolution of deception tactics from traditional to cyber warfare - Help Net Security

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Government officials debate effectiveness of multilateral relations in cyber security | ZDNET

• Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems

Geopolitical Threats/Activity

• How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)

• AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

• Mideast War Has Cyber Implications | Newsmax.com

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)

China

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft   | SC Media (scmagazine.com)

• Five Eyes Warn Of Chinese Cyber Espionage | Silicon UK

• Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)

• 20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian

• Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Huawei wants to know why EU labelled it high security risk • The Register

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)

Russia

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Russian Hackers Target Romanian Media - Valahia.News

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

Iran

• Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)

• Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop

North Korea

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• North Korean hackers exploit critical TeamCity flaw to breach networks (bleepingcomputer.com)

• FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program - SecurityWeek

Vulnerability Management

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)

Vulnerabilities

• Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek

• Cisco working on fix for critical IOS XE zero-day | TechTarget

• Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek

• Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)

• You Need to Update WinRAR, Right Now (gizmodo.com)

• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek

• Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• ServiceNow leak: thousands of companies at risk | Cybernews

Tools and Controls

• Well-informed employees act as 1st line of defence against cyber threats

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Why Zero Trust Is the Cloud Security Imperative (darkreading.com)

• 3 Essential Steps to Strengthen SaaS Security (darkreading.com)

• Cyber expert calls for renewed focus on zero-trust and recovery as threat actors scale-up - SiliconANGLE

• How hackers use printers to gain access

• Google Authenticator synchronization raises MFA concerns | TechTarget

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

• Reinforcing cyber security: The network's role to prevent, detect, and respond to attacks - Help Net Security

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What is Structured Threat Information eXpression (STIX)? (techtarget.com)

Reports Published in the Last Week

• Trustwave SpiderLabs Research: Cyber security in the Financial Services Sector

• APT trends report Q3 2023 | Securelist

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• ENISA THREAT LANDSCAPE REPORT 2023 REPORT IS OUT! (securityaffairs.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• The CISO Report | Splunk

• VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE

Other News

• SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru

• Many SMBs really don't know exactly what security tools they need | TechRadar

• Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN

• What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)

• Progress gets SEC subpoena over MOVEit breach – and more! • The Register

• 51% of Financial Services Firms Reporting Breaches are From US: Trustwave Threat Landscape Report | The Fintech Times

• Cyber attacks on healthcare organisations affect patient care - Help Net Security

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)

• Cyber risk report says shipping remains ‘easy target’, paying an average $3.2m In cyber attacks (shipmanagement idcinternational.com)

• Space industry group turns up volume on satellite vulnerabilities - SpaceNews

• 5 Tips for Improving Security in Public Sector (govinfosecurity.com)

• Marketers Must Make Cyber security A Priority Every Day (forbes.com)

• UK at risk of massive security breach from national HMRC IT meltdown | The Independent

• UK warns nuclear power plant operator of cyber security failings (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

• One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

• Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

• Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

• Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

• Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

• 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

• What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Governance, Risk and Compliance

• Cyber Security experts have become targets for board seats (cnbc.com)

• The Impacts of Data Loss on Your Organisation -Security Affairs

• One third of security breaches go unnoticed by security professionals - Help Net Security

• Small organisations face security threats on a limited budget - Help Net Security

• How to cultivate a culture of continuous cyber Security improvement - Help Net Security

• CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

• Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of consumers prepared to ditch brands hit by ransomware - Help Net Security

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)

• Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

• Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)

• The rise in cyber extortion attacks and its impact on business security - Help Net Security

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek

• Microsoft Can Fix Ransomware Tomorrow (darkreading.com)

• Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs

• Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs

• Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity (yahoo.com)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Thirty-three US Hospitals Hit By Ransomware This Year - Infosecurity Magazine (infosecurity-magazine.com)

• How ransomware impacts the healthcare industry - Help Net Security

• Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW Vault | SC Media (scmagazine.com)

• June saw flurry of ransomware attacks on education sector | TechTarget

• Decryption tool for Akira ransomware available for free | Tripwire

• Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert

• What is WannaCry Ransomware? | Definition from TechTarget

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Ransomware Victims

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• One million NHS patients’ data compromised after cyber Attack on University of Manchester | The Independent

• Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

• Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• TSMC says IT supplier extorted by LockBit • The Register

• MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg

• UCLA among victims of worldwide cyber attack – NBC Los Angeles

• BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg

• Chipmaker TSMC says supplier targeted in cyber Attack | Reuters

• MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• Suspicious Email Reports Up a Third as NCSC Trumpets Active Defence - Infosecurity Magazine (infosecurity-magazine.com)

• Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert

• Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)

BEC – Business Email Compromise

• 6 Steps To Outsmart Business Email Compromise Scammers (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Quishing on the rise: How to prevent QR code phishing | TechTarget

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Artificial Intelligence

• AI’s rise is ‘most profound’ tech shift to impact ‘all of our lives’, Google UK chief says | The Independent

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

• Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times

• AI-generated attack vectors cyber Security should watch for (fastcompany.com)

• The EU hasn’t got its AI Act together yet - The Verge

• OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• GPT-4 is great at infuriating telemarketing scammers • The Register

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Malware

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Meduza Stealer Targets Windows Users With Advanced Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Fileless attacks increase 1,400% - Help Net Security

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (therecord.media)

• CISA: Truebot malware infecting networks in US, Canada | TechTarget

• Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)

• Android users at risk as banking trojan targets more apps | Fox News

• Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert

• We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Botnets

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

Denial of Service/DoS/DDOS

• CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics (thehackernews.com)

Data Breaches/Leaks

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• The Impacts of Data Loss on Your Organisation- Security Affairs

• Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (thehackernews.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)

• OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop

• 28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek

Organised Crime & Criminal Actors

• Exploring the Dark Web Job Market (socradar.io)

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• Hackers stole millions of dollars worth of crypto assets from Poly Network platform- Security Affairs

Insider Risk and Insider Threats

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Fraud, Scams & Financial Crime

• Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)

• Support from British businesses crucial in removing over... - NCSC.GOV.UK

• GPT-4 is great at infuriating telemarketing scammers • The Register

• Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Scammers using AI voice technology to commit crimes - Help Net Security

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

AML/CFT/Sanctions

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)

• Cyber insurance rates drop 10% in June, report says | Reuters

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Dark Web

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring the Dark Web Job Market (socradar.io)

• Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)

Supply Chain and Third Parties

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

Software Supply Chain

• A CISO's Guide to Paying Down Software Supply Chain Security Debt (darkreading.com)

Cloud/SaaS

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Japan rebukes Fujitsu for cloud security fails • The Register

• Cloud security: Sometimes the risks may outweigh the rewards – Cyber Reports Cyber Security News & Information (cyber-reports.com)

• 53% of SaaS licenses remain unused - Help Net Security

• IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Attack Surface Management

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

Encryption

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Exploring the Dark Web Job Market (socradar.io)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• Security Experts Raise Major Concerns With Online Safety Bill - Infosecurity Magazine (infosecurity-magazine.com)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

API

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Mission Linux: How the open source software is now a lucrative target for hackers | CSO Online

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch

• Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)

Social Media

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Malvertising

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

Regulations, Fines and Legislation

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• European companies slam the EU’s incoming AI regulations in open letter - The Verge

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

Models, Frameworks and Standards

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Careers, Working in Cyber and Information Security

• Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru

• 3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)

• Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)

• CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru

• Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)

• ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security

Law Enforcement Action and Take Downs

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Privacy, Surveillance and Mass Monitoring

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• TSA hopes to expand facial recognition over next ten years • The Register

• NJ cops must get wiretap order for real-time Facebook snoop • The Register

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Switzerland’s Security Report: Impact of Russia–Ukraine Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite system used by Russian military is hacked - The Washington Post

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)

China

• US authorities warn on China’s new counter-espionage la' • The Register

• Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

• Chinese threat actor attacks diplomats across Europe • The Register

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

Iran

• Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks | SC Media (scmagazine.com)

North Korea

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• North Korean satellite had no military utility for spying • The Register

Misc/Other/Unknown

• Advanced Persistent Threats: A Wake-Up Call for Cyber Security (ts2.space)

Vulnerability Management

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

Vulnerabilities

• CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild | SC Media (scmagazine.com)

• 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)

• Microsoft puts out Outlook fire, downplays Teams flaw • The Register

• Critical Flaw Exposes ArcServe Backup to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek

• Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)

• StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)

• Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic- Security Affairs

Tools and Controls

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Small organisations face security threats on a limited budget - Help Net Security

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• Mitigating Risk With Threat Intelligence (darkreading.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Reports Published in the Last Week

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com)

Other News

• Foreign spies hacked government 20 years ago (thetimes.co.uk)

• GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru

• Hacks targeting British exam boards raise fears of students cheating (therecord.media)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• Is your browser betraying you? Emerging threats in 2023 - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

• 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

• Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

• Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

• AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

• Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

• Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

• BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

• CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

• UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

• Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks

Threats

Ransomware, Extortion and Destructive Attacks

• Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online

• Ransomware gangs display ruthless extortion tactics in April | TechTarget

• Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)

• Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert

• Ransomware review: May 2023 (malwarebytes.com)

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report - Infosecurity Magazine (infosecurity-magazine.com)

• The new ransomware strain is picking off big businesses one by one - and yours could be next | TechRadar

• Refined methodologies of ransomware attacks - Help Net Security

• Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop

• Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)

• Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News

• Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)

• New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)

• New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking

• Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)

• $1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek

• Western Digital store offline due to March breach - Help Net Security

• Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek

• Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)

• Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)

• Australian software giant won’t say if customers affected by hack | TechCrunch

• Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)

• Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band's songs -Security Affairs

Phishing & Email Based Attacks

• Q1 Cofense Phishing Intelligence Report - Cofense

• "Greatness" Phishing Tool Exploits Microsoft 365 Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• This dangerous phishing attack is targeting Microsoft users everywhere, so be on your guard | TechRadar

• Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

BEC – Business Email Compromise

• Exploring the Rise of Israel-Based BEC Attacks | Abnormal (abnormalsecurity.com)

2FA/MFA

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

Malware

• Chrome users, stay alert: Malware may be just one click away - gHacks Tech News

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• Millions of mobile phones come pre-infected with malware • The Register

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Mobile

• Millions of mobile phones come pre-infected with malware • The Register

• Mobile hacking and spyware – understanding the risks - TechHQ

• Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)

• Google Improves Android Security With New APIs - SecurityWeek

• New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)

• Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads (thehackernews.com)

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

Botnets

• Bad Bots Now Account For 30% of All Internet Traffic - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Internet of Things – IoT

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

Data Breaches/Leaks

• Security researcher finds trove of Capita data exposed online | TechCrunch

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• Why the 'Why' of a Data Breach Matters (darkreading.com)

• OpenAI confirms ChatGPT data breach (cshub.com)

• Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

• Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)

• 1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek

• Twitter admits 'security incident' broke Circle privacy • The Register

• Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)

• Simplify data hack cost the firm almost £7m - Property Industry Eye

Organised Crime & Criminal Actors

• In a new hacking crime wave, more personal data is being held hostage (cnbc.com)

• How hackers are recruiting on the dark web (thetimes.co.uk)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Briton pleads guilty in US to 2020 Twitter hack - BBC News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek

• UK cops score another legal win in EncroChat spying case • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Exploit Hardware Wallet to Steal Almost $30,000 - Infosecurity Magazine (infosecurity-magazine.com)

• RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)

Insider Risk and Insider Threats

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

Fraud, Scams & Financial Crime

• Banks warn of big increase in online scams - BBC News

• Fraud victims risk more than money - Help Net Security

• Five Things Scammers Are Hoping You Google (lifehacker.com)

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

• QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)

Deepfakes

• The true numbers behind deepfake fraud - Help Net Security

• Your voice could be your biggest vulnerability - Help Net Security

Insurance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• Court Rules in Favour of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyber attack - SecurityWeek

Dark Web

• How hackers are recruiting on the dark web (thetimes.co.uk)

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

Supply Chain and Third Parties

• Security researcher finds trove of Capita data exposed online | TechCrunch

• Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters

• Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica

Software Supply Chain

• The SBOM Bombshell - SecurityWeek

• 5 SBOM tools to start securing the software supply chain | TechTarget

Cloud/SaaS

• 56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security

• How to reduce risk with cloud attack surface management | TechTarget

• ENISA leans into EU clouds with draft cyber security label • The Register

Hybrid/Remote Working

• 8 habits of highly-secure remote workers | ZDNET

Attack Surface Management

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Identity and Access Management

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

• Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online

• Why the FTX Collapse Was an Identity Problem (darkreading.com)

Asset Management

• CISOs confront mounting obstacles in tracking cyber assets - Help Net Security

• How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)

Encryption

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

API

• Google Improves Android Security With New APIs - SecurityWeek

Open Source

• India bans open source messaging apps on security grounds • The Register

• Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• 83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)

• Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)

Social Media

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Parental Controls and Child Safety

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)

• Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption | SC Media (scmagazine.com)

• AI needs superintelligent regulation | Financial Times

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• India bans open source messaging apps on security grounds • The Register

• PEGA committee calls for EU level regulation of spyware • The Register

• EU's Client-Side Scanning Plans Could be Unlawful - Infosecurity Magazine (infosecurity-magazine.com)

• ENISA leans into EU clouds with draft cyber security label • The Register

• Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED

• Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)

Governance, Risk and Compliance

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Company executives can't afford to ignore cyber security anymore - Help Net Security

• Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online

• Small- and medium-sized businesses: don’t give up on cyber security | CSO Online

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cyber security in Business Success (darkreading.com)

• 5 Types of Cyber Crime Groups (trendmicro.com)

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Why more transparency around cyber attacks is good for everyone - NCSC

• CISOs face mounting pressures, expectations post-pandemic | TechTarget

• CISOs' confidence in post-pandemic security landscape fades - Help Net Security

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT - SecurityWeek

• Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur

• Key Trends and Insights from RSAC 2023 (trendmicro.com)

• NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• (ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert

• ENISA leans into EU clouds with draft cyber security label • The Register

Data Protection

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

Careers, Working in Cyber and Information Security

• CISOs Worried About Personal Liability For Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• 7 ways to mitigate CISO liability and risk | TechTarget

• Google Launches New Cyber security Analyst Training Program - SecurityWeek

Law Enforcement Action and Take Downs

• Cyber Patrols Lead to Seizure of Stolen Artefacts - Infosecurity Magazine (infosecurity-magazine.com)

• FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)

• Briton pleads guilty to hacking stars' Twitter accounts to steal Bitcoin | Science & Tech News | Sky News

• Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)

• UK cops score another legal win in EncroChat spying case • The Register

Privacy, Surveillance and Mass Monitoring

• The (Security) Cost of Too Much Data Privacy (darkreading.com)

• Twitter admits 'security incident' broke Circle privacy • The Register

• TikTok tracked UK journalist via her cat's account - BBC News

Artificial Intelligence

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop

• ‘A race it might be impossible to stop’: how worried should we be about AI? | Artificial intelligence (AI) | The Guardian

• OpenAI confirms ChatGPT data breach (cshub.com)

• AI needs superintelligent regulation | Financial Times

• Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)

• Your voice could be your biggest vulnerability - Help Net Security

• The security and privacy risks of large language models - Help Net Security

• Rethinking democracy for the age of AI | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NCSC and allies expose Snake malware threat - NCSC.GOV.UK

• It’s being called Russia's most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous? (theconversation.com)

• EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Mobile hacking and spyware – understanding the risks - TechHQ

• New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• PEGA committee calls for EU level regulation of spyware • The Register

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica

Nation State Actors

• Killnet, a Pro-Russian Hacktivist Crew, Pivots to Cyber Mercenaries for Hire, Report Says - MSSP Alert

• NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries - Infosecurity Magazine (infosecurity-magazine.com)

• Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon (theconversation.com)

• Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)

• LinkedIn shuts service in China, lays off employees | Fortune

• Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)

• FBI-led Operation Medusa kills Russian FSB malware network • The Register

• China targets foreign consulting companies in anti-spying raids | China | The Guardian

• Beijing raids consultancy firm Capvision, promises more • The Register

• Five Takeaways From the Russian Cyber Attack on Viasat’s Satellites - Infosecurity Magazine (infosecurity-magazine.com)

• GCHQ building under fire from senior Tory for using Chinese surveillance cameras - Gloucestershire Live

• Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry (thehackernews.com)

• SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA

Vulnerability Management

• The Problem of Old Vulnerabilities — and What to Do About It (darkreading.com)

Vulnerabilities

• Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)

• Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) - Help Net Security

• Microsoft warns of two bugs under active exploit • The Register

• Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget

• New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyber attacks (thehackernews.com)

• Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs

• Azure API Management flaws highlight server-side request forgery risks in API development | CSO Online

• New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)

• Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)

• Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)

• CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)

• A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs

• SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek

• Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs

Tools and Controls

• Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)

• 79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)

• Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)

• AI has been dubbed a 'nuclear' threat to cyber security. But it can be also used for defence | Euronews

• Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)

• Organisations Reliant on Social Media For Threat Intelligence - TechRound

• Recognizing Cyberthreat Trends For Effective Defence (forbes.com)

• Digital trust can make or break an organisation - Help Net Security

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent attackers from using legitimate tools against you - Help Net Security

• Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts (thehackernews.com)

• How to implement principle of least privilege in Azure AD | TechTarget

• How to start handling Azure network security | TechTarget

• What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)

• Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)

• AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag

• Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)

• 5 SBOM tools to start securing the software supply chain | TechTarget

• The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)

• Top 3 trends shaping the future of cyber security and IAM - Help Net Security

Reports Published in the Last Week

• ESET APT Activity Report Q4 2022­–Q1 2023 | WeLiveSecurity

• Q1 Cofense Phishing Intelligence Report - Cofense

• 2023 AT&T Cyber security Insights Report: Edge Ecosystem (darkreading.com)

• 2023 Voice of the CISO | Proofpoint UK

Other News

• The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED

• Why Should You Take IT Security Seriously? - IT Security Guru

• To enable ethical hackers, a law reform is needed - Help Net Security

• How datacentre operators can fend off cyber attacks | Computer Weekly

• US Advances Cyber Defences Since Colonial Pipeline Attack But More Work Remains, CISA Director Says - MSSP Alert

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

• 'Windows for Gamers' Rolls Dice With Your Security (vice.com)

• Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian

• Evil digital twins and other risks: the use of twins opens up a host of new security concerns | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Boards Need Better Conversations About Cyber Security

In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.

Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.

As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.

https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

• Uber’s Ex-Security Chief Sentenced for Security Breach

Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.

The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.

https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347

• Global Cyber Attacks Rise by 7% in Q1 2023

Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.

The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.

https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/

• Three-Quarters of Firms Predict a Breach in the Coming Year

Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.

While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.

Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/

• The Costly Threat That Many Businesses Fail to Address

Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.

Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.

https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/

• European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.

Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.

https://www.itsecurityguru.org/2023/05/03/european-data-at-risk-with-tick-box-gdpr-compliance-and-high-cyberattack-volumes

• Understanding Cyber Threat Intelligence for Business Security

Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.

Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.

https://www.forbes.com/sites/forbestechcouncil/2023/05/04/understanding-cyber-threat-intelligence-for-business-security

• Hackers Are Finding Ways to Evade Latest Cyber Security Tools

As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.

Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.

https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html

• Study Shows a 27% Spike in Publicly Known Ransomware Victims

A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.

The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.

https://www.msspalert.com/cybersecurity-news/guidepoint-study-shows-a-27-spike-in-public-ransomware-victims/

• Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).

Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.

https://www.theregister.com/2023/05/02/data_breach_costs_rise/

• Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.

https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/

• 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.

• Recognise that priorities have evolved.

• Understand that security burdens have changed.

• Understand why, despite best efforts, criminals are still successful.

• Evaluate the ways in which you are protecting your most vulnerable data.

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2023/05/02/4-ways-leaders-should-reevaluate-their-cybersecuritys-focus/

Threats

Ransomware, Extortion and Destructive Attacks

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• Merck's $1.4B NotPetya insurance payout upheld by court • The Register

• GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert

• Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)

• The Tragic Fallout From a School District’s Ransomware Breach | WIRED

• Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)

• ‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

• BlackCat group releases screenshots of stolen Western Digital data | CSO Online

• Ransomware Attack Affects Dallas Police, Court Websites – Security Week

• Studies show ransomware has already caused patient deaths | TechTarget

• Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)

• Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch

• Ransomware Attack Disrupts IT Network at Hardenhuish School - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)

• Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)

• Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette

• Bitmarck Halts Operations Due to Cyber security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom

Phishing & Email Based Attacks

• Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)

• A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Crooks show they don't need ChatGPT to scam victims • The Register

Malware

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Security experts are using malware's own code to protect potential victims | TechSpot

• New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)

• How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)

• Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)

• Anatomy of a Malicious Package Attack (darkreading.com)

Mobile

• Android Apps Fail to Protect User Data During Device Transfer - Infosecurity Magazine (infosecurity-magazine.com)

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Google fought a mountain of malware in 2022 | Android Central

• Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)

• Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

Botnets

• Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security

• Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert

Denial of Service/DoS/DDOS

• What’s the Difference Between a DOS and DDoS Attack? (howtogeek.com)

Internet of Things – IoT

• Top 5 IoT Security Risks In 2023 - The Cyber Express

• Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

• Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)

Data Breaches/Leaks

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attack sparks fears that criminals could target UK gun owners for firearms | Cyber crime | The Guardian

• UK Gun Owners May Be Targeted After Rifle Association Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi

• T-Mobile suffered the second data breach in 2023 - Security Affairs

• Sensitive data is being leaked from servers running Salesforce software | Ars Technica

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• Sensitive files about Royal Navy submarine reportedly found in pub toilet | Royal Navy | The Guardian

• Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

Organised Crime & Criminal Actors

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market-Security Affairs

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Man Gets Four Years for Stealing Bitcoin Seized by Feds - Infosecurity Magazine (infosecurity-magazine.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• Hackers stole $93M from crypto projects in April (cryptoslate.com)

Insider Risk and Insider Threats

• The costly threat that many businesses fail to address - Help Net Security

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

Fraud, Scams & Financial Crime

• Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)

• Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security

• UK to ban all cold calls selling financial products - BBC News

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

• UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)

• National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)

• Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian

AML/CFT/Sanctions

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

Dark Web

• Why the Things You Don't Know about the Dark Web May Be Your Biggest Cyber security Threat (thehackernews.com)

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Supply Chain and Third Parties

• How to keep calm and carry on in a supply chain attack • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED

• DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED

• Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)

Cloud/SaaS

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Cloud security threats are growing faster than ever | TechRadar

Hybrid/Remote Working

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• White House seeks information on tools used for automated employee surveillance | Computerworld

Attack Surface Management

• Reigning in ‘Out-of-Control’ Devices – Security Week

Encryption

• The UK’s online safety bill will not keep us safe | Financial Times (ft.com)

API

• Report shows 92% of orgs experienced an API security incident last year | VentureBeat

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• OpenAI Threatens Popular GitHub Project With Lawsuit Over API Use | Tom's Hardware (tomshardware.com)

• 5 API security best practices you must implement - Help Net Security

• Enterprise Strategy Group Research Reveals 75% of Organisations Change or Update APIs on a Daily or Weekly Basis (darkreading.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

Open Source

• Unpaid open source maintainers struggle with increased security demands - Help Net Security

• Anatomy of a Malicious Package Attack (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Your passwords could be cracked using thermal cameras powered by AI | TechRadar

• Your Google Account is getting rid of its password (androidpolice.com)

• PSA. Don’t share your password in your app’s release notes • Graham Cluley

Social Media

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

• Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Malvertising

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads (thehackernews.com)

Regulations, Fines and Legislation

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• UK readers may lose access to Wikipedia amid online safety bill requirements | UK news | The Guardian

• White House unveils AI rules to address safety and privacy | Computerworld

Governance, Risk and Compliance

• Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)

• Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• There’s No Silver Bullet for Cyber security (hbr.org)

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Boards Are Having the Wrong Conversations About Cyber security (hbr.org)

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)

• Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert

• Why Your Detection-First Security Approach Isn't Working (thehackernews.com)

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

• What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)

• 4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)

• Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)

• Malicious content lurks all over the web - Help Net Security

• Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)

• Closing up holes: Infoseccers on being less reactive • The Register

• Organisations brace for cyber attacks despite improved preparedness - Help Net Security

• Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)

• Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)

Secure Disposal

• Your decommissioned routers could be a security disaster | Network World

Careers, Working in Cyber and Information Security

• The importance of being certified • The Register

• UK Cyber Security Council launches certification mapping tool - Help Net Security

• DHS’ cyber talent management system slowly gaining traction | Federal News Network

• The warning signs for security analyst burnout and ways to prevent - Help Net Security

• Google Launches Cyber security Career Certificate Program (darkreading.com)

Law Enforcement Action and Take Downs

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET

• White House seeks information on tools used for automated employee surveillance | Computerworld

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Artificial Intelligence

• 5 ways threat actors can use ChatGPT to enhance attacks | CSO Online

• Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)

• AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)

• Microsoft’s chief economist says A.I. can be dangerous | Fortune

• It's time to harden AI and ML for cyber security | TechTarget

• Stop using generative-AI tools, Samsung orders staff | Digital Trends

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• How AI is reshaping the cyber security landscape - Help Net Security

• White House unveils AI rules to address safety and privacy | Computerworld

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Misinformation, Disinformation and Propaganda

• Is misinformation the newest malware? | CSO Online

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)

• Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek

• Cat and mouse game: Russian satellite appears to chase US military satellite in space (firstpost.com)

• Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs

• Russia’s APT28 targets Ukraine with bogus Windows updates • The Register

• Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)

• Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

Nation State Actors

• APT groups muddying the waters for MSPs | WeLiveSecurity

• China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert

• Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek

• China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)

• 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)

• APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)

• APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)

• US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business

• China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)

• Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop

• BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups (thehackernews.com)

• Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)

• North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)

• ‘We have survived!’: China’s Huawei goes local in response to US sanctions | Financial Times (ft.com)

• Apple is a Chinese company | Financial Times (ft.com)

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)

Vulnerability Management

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

Vulnerabilities

• WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)

• Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs

• Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)

• Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)

• AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)

• Chrome 113 Released With 15 Security Patches - SecurityWeek

• Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek

• Some of the top AMD chips are suffering a serious security flaw | TechRadar

Tools and Controls

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• 86 percent of developers knowingly deploy vulnerable code (betanews.com)

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reigning in ‘Out-of-Control’ Devices – Security Week

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• The pros and cons of VPNs for enterprises | TechTarget

• It's time to harden AI and ML for cyber security | TechTarget

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Using multiple solutions adds complexity to your zero trust strategy - Help Net Security

• Your decommissioned routers could be a security disaster | Network World

• Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)

• 5 API security best practices you must implement - Help Net Security

• 3 questions CISOs expect you to answer during a security pitch | TechCrunch

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• 4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• AppSec Making Progress or Spinning Its Wheels? (darkreading.com)

• Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

• How AI is reshaping the cyber security landscape - Help Net Security

• Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat

• Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• New Generative AI Tools Aim to Improve Security (darkreading.com)

Other News

• Firmware Looms as the Next Frontier for Cyber security (darkreading.com)

• Open Banking: A Perfect Storm for Security and Privacy? – Security Week

• Malicious content lurks all over the web - Help Net Security

• How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)

• Eric Idle tells RSAC to look in the bright side of life • The Register

• Your decommissioned routers could be a security disaster | Network World

• FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)

• Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month

March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.

Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.

The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.

https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/

• Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces

Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.

The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:

• Keeping up with threat intelligence (70%)

• Allocating cyber security resources and budget (47%)

• Visibility into all assets connected to the network (44%)

• Compliance and regulation (39%)

• Convergence of IT and OT (32%)

The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.

https://www.msspalert.com/cybersecurity-news/organizations-overwhelmed-with-cybersecurity-alerts-threats-and-attack-surfaces-armis-study-shows/

• One in Three Businesses Faced Cyber Attacks Last Year

Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.

Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.

https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html

• Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged

Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.

The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.

https://www.darkreading.com/vulnerabilities-threats/why-your-anti-fraud-identity-cybersecurity-efforts-should-be-merged

• Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security

With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.

Cobalt’s recent report found:

• Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.

• Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.

• Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.

https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

• Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes

Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.

Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.

https://www.hivesystems.io/blog/are-your-passwords-in-the-green

• 83% of Organisations Paid Up in Ransomware Attacks

A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.

Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.

https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/

• Security is a Revenue Booster, Not a Cost Centre

Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.

https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center

• Ex-CEO Gets Prison Sentence for Bad Security

A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.

Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.

The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.

https://nakedsecurity.sophos.com/2023/04/18/ex-ceo-of-breached-pyschotherapy-clinic-gets-prison-sentence-for-bad-data-security/

• Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers

There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.

https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/

• KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.

The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.

Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.

https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/

• Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack

Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.

While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.

https://www.theguardian.com/business/2023/apr/20/capita-admits-customer-data-may-have-been-breached-during-cyber-attack

• Outdated Cyber Security Practices Leave Door Open for Criminals

A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.

https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

• Quantifying Cyber Risk Vital for Business Survival

Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.

https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/

• Recycled Network Devices Exposing Corporate Secrets

Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.

Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.

In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.

The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.

https://www.infosecurity-magazine.com/news/recycled-network-exposing/

Threats

Ransomware, Extortion and Destructive Attacks

• 83% of organisations paid up in ransomware attacks  | VentureBeat

• March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

• Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)

• RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• UK Education Sector Suffered Most from Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs

• Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek

• LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)

• Abuse victims' data stolen in ransomware attack (rte.ie)

• Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch

• Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs

• Black Basta claims it's selling off stolen Capita data • The Register

• An Analysis of the BabLock Ransomware (trendmicro.com)

• Ransomware reinfection and its impact on businesses - Help Net Security

• Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)

• Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)

• Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)

• Medusa ransomware crew boasts of Microsoft code leak • The Register

• New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• New Qbot campaign delivers malware by hijacking business emails | CSO Online

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend - IT Security Guru

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET

• UK government employees receive average of 2,246 malicious emails per year - IT Security Guru

BEC – Business Email Compromise

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• US charges three men with six million dollar business email compromise plot | Tripwire

2FA/MFA

• How to Prevent 2 Common Attacks on MFA (darkreading.com)

Malware

• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)

• New Chameleon banking trojan is stealing account info — what you need to know | Tom's Guide (tomsguide.com)

• US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)

• New QBot campaign delivered hijacking business correspondenceSecurity Affairs

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• MacStealer - newly-discovered malware steals passwords and exfiltrates data from infected Macs • Graham Cluley

• 'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)

• What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)

Mobile

• Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

Botnets

• 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials (darkreading.com)

Internet of Things – IoT

• Military helicopter crash blamed on missing software patch • The Register

• Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

• Five Eye nations release new guidance on smart city cyber security | CSO Online

Data Breaches/Leaks

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)

• Volvo retailer leaks sensitive files - Security Affairs

• Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek

• Cyber attack on Insurance Information Bureau of India; data at risk - The Economic Times (indiatimes.com)

• Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek

Organised Crime & Criminal Actors

• Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

• Standardized data collection methods can help fight cyber crime | TechTarget

• Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

Insider Risk and Insider Threats

• Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Top risks and best practices for securely offboarding employees | CSO Online

• Critical Infrastructure Firms Concerned Over Insider Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How to Strengthen your Insider Threat Security - IT Security Guru

Fraud, Scams & Financial Crime

• Pre-pandemic techniques are fueling record fraud rates - Help Net Security

• HR Magazine - UK government plans to make businesses liable for employee fraud

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• Trial and error in Kuwait | CyberScoop

• US extradites Nigerian charged in $6m email fraud scam • The Register

• Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)

• Three charged over banking fraud for hire website | Computer Weekly

• On the hunt for the businessmen behind a billion-dollar scam - BBC News

• Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)

• Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur

• FTC orders payments firm to pay $650k over tech support scam • The Register

• Conversational Attacks Fastest Growing Mobile Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters impersonating genuine providers cost £177.6m in 2022, UK Finance data suggests | Business News | Sky News

• Scammers using social media to dupe people into becoming money mules - Help Net Security

AML/CFT/Sanctions

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)

• Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek

• Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online

Dark Web

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

Supply Chain and Third Parties

• Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)

• 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant

• Capita admits customer, supplier or colleague data may have been accessed by hackers | Business News | Sky News

• Lazarus APT group employed Linux Malware in recent attacks-Security Affairs

• Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)

Software Supply Chain

• CISA Introduces Secure-by-design and Secure-by-default Development Principles – Security Week

Cloud/SaaS

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)

• Is there really a march from the public cloud back on-prem? | TechCrunch

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)

• Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs

Attack Surface Management

• Recycled Core Routers Expose Sensitive Corporate Network Info (darkreading.com)

Shadow IT

• The staying power of shadow IT, and how to combat risks related to it - Help Net Security

Identity and Access Management

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)

• The biggest data security blind spot: Authorization - Help Net Security

Encryption

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Crooks’ Mistaken Bet on Encrypted Phones | The New Yorker

API

• Triple-digit Increase in API and App Attacks on Tech and Retail - Infosecurity Magazine (infosecurity-magazine.com)

• There's Been a 400% Increase in Unique API Attackers - The New Stack

Open Source

• Linux kernel logic allowed Spectre attack on major cloud • The Register

• Security beyond software: The open source hardware security evolution - Help Net Security

• Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com

Passwords, Credential Stuffing & Brute Force Attacks

• How Long It Would Take A Hacker To Brute Force Your Password In 2023, Ranked | Digg

Social Media

• LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian

• Scammers using social media to dupe people into becoming money mules - Help Net Security

Regulations, Fines and Legislation

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Brit cops rapped over app that recorded 200k phone calls • The Register

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Governance, Risk and Compliance

• Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)

• Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security

• Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security – Naked Security (sophos.com)

• 'One in three firms faced cyber attacks last year' (aol.co.uk)

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

• Quantifying cyber risk vital for business survival - Help Net Security

• Wargaming an effective data breach playbook - Help Net Security

• Outdated cyber security practices leave door open for criminals - Help Net Security

• CISOs struggling to protect sensitive data records - Help Net Security

• Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)

• Gartner Top Strategic Cyber security Trends 2023

• 3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)

• Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-CIO must pay £81k over Total Shambles Bank migration • The Register

• Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security

• Top risks and best practices for securely offboarding employees | CSO Online

• How companies are struggling to build and run effective cyber security programs - Help Net Security

• Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)

• Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)

Secure Disposal

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

Backup and Recovery

• CISOs struggling to protect sensitive data records - Help Net Security

Data Protection

• Government reprimanded for serious breaches of data protection law - Jersey Evening Post

• Marketing biz sent 107M spam emails in a year, says watchdog • The Register

• Brit cops rapped over app that recorded 200k phone calls • The Register

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Careers, Working in Cyber and Information Security

• Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com

Law Enforcement Action and Take Downs

• Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (bitdefender.com)

• Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)

• US extradites Nigerian charged in $6m email fraud scam • The Register

• How 'Operation Cookie Monster' took down a major dark web market | World Economic Forum (weforum.org)

• Three charged over banking fraud for hire website | Computer Weekly

• Police Crack Comms to Bust Money Laundering Group - Infosecurity Magazine (infosecurity-magazine.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Privacy, Surveillance and Mass Monitoring

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• What the Recent Collapse of SVB Means for Privacy (darkreading.com)

• As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)

Artificial Intelligence

• Phishing Attacks Surge as Threat Actors Leverage New AI Tools - Infosecurity Magazine (infosecurity-magazine.com)

• AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security

• Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• EU privacy regulators to create task force to investigate ChatGPT | Computerworld

• Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register

• AI-created malware sends shockwaves through cybersecurity world | Fox News

• Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)

• ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)

Misinformation, Disinformation and Propaganda

• US citizens charged with pushing pro-Kremlin disinformation • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers targeting UK more frequently (thetimes.co.uk)

• UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure | CSO Online

• Russian hackers want to ‘disrupt or destroy’ UK infrastructure, minister warns | Hacking | The Guardian

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News

• Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)

• Meet the hacker armies on Ukraine's cyber front line - BBC News

• Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)

• Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews

• NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• US citizens charged with pushing pro-Kremlin disinformation • The Register

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• How cyber support to Ukraine can build its democratic future | CyberScoop

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)

• Britain sounds alarm on spyware, mercenary hacking market | Reuters

• Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)

• The UK will need more than words in this cyber war | Financial Times (ft.com)

• Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)

Nation State Actors

• BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)

• 3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)

• UK security chief’s alert over threat from China (thetimes.co.uk)

• Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)

• Human rights groups raise alarm over UN Cyber crime Treaty • The Register

• CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)

• Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites (thehackernews.com)

• APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)

• China starts ‘surgical’ retaliation against foreign companies after US-led tech blockade | Financial Times

• Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy | The Times of Israel

• US charges 44 members of alleged Chinese troll army • The Register

• Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News

• Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)

• Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)

• Heightened threat of state-aligned groups against western... - NCSC.GOV.UK

• Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog

• Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets - Microsoft Security Blog

• MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)

• Iranian Nation-State Actor "Mint Sandstorm" Weaponizes N-day Flaws - Infosecurity Magazine (infosecurity-magazine.com)

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)

• US imposes $300m penalty over hard disk drive exports to Huawei - BBC News

Vulnerability Management

• Military helicopter crash blamed on missing software patch • The Register

• Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

Vulnerabilities

• UK, US sound the alarm on Russians exploiting Cisco flaws • The Register

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• CISA: Patch Bug Exploited by Chinese E-commerce App - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)

• Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)

• Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)

• Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek

• Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products (thehackernews.com)

• Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)

Tools and Controls

• CISA Asks Manufacturers to Prioritize Cybersecurity in Product Design - Infosecurity Magazine (infosecurity-magazine.com)

• Pen testing amid the rise of AI-powered threat actors | TechTarget

• 7 countries unite to push for secure-by-design development | CSO Online

• Wargaming an effective data breach playbook - Help Net Security

• Where There's No Code, There's No SDLC (darkreading.com)

• Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)

• DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)

• Microsoft opens up Defender with file hash, URL search • The Register

• Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)

• How to build a cybersecurity deception program | TechTarget

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek

• Threat Posed by 'Irresponsible' Use of Commercial Hacking Tools Increasing, NCSC Warns - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs struggling to protect sensitive data records - Help Net Security

• Generative AI in SecOps and how to prepare | TechTarget

• AI defenders ready to foil AI-armed attackers • The Register

• Newer Authentication Tech a Priority for 2023 (darkreading.com)

Other News

• Recycled Network Devices Exposing Corporate Secrets - Infosecurity Magazine (infosecurity-magazine.com)

• Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop

• Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)

• How to defend against TCP port 445 and other SMB exploits | TechTarget

• Criminal Records Service still disrupted 4 weeks after hack - BBC News

• Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)

• Cyberspace Solarium Commission says space systems should be considered critical infrastructure | CyberScoop

• UK Strengthens Cyber security Audits for Government Agencies - Infosecurity Magazine (infosecurity-magazine.com)

• EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com

 Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

• The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

• Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

• Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

• Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

• 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

• Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

• Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

• Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

• City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

• City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)

• New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)

• City of London on High Alert After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Copycat Criminals mimicking Lockbit gang in northern Europe security affairs

• Ransom-what? Learning from Hacked Hackers (secureworld.io)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• Council leader 'put her foot down' and refused to pay multi-million pound ransom demand from hackers - Teesside Live (gazettelive.co.uk)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)

• Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)

• Schools don't pay, but ransomware attacks still increasing | TechTarget

• Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

• Nevada Ransomware Has Released Upgraded Locker security affairs

• LockBit Green ransomware variant borrows code from Conti one security affairs

• Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)

• Ransomware attacks on public sector persist in January | TechTarget

• Ransomware attack on data firm ION could take days to fix -sources | Reuters

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Phishing & Email Based Attacks

• Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• Long Con Impersonates Financial Advisers to Target Victims (darkreading.com)

2FA/MFA

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malware

• How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)

• Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

• PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)

• Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (thehackernews.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

• Malvertising attacks are distributing .NET malware loaders • The Register

• Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)

Mobile

• Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)

• Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

Botnets

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

Denial of Service/DoS/DDOS

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)

Internet of Things – IoT

• IoT, connected devices biggest contributors to expanding application attack surface | CSO Online

• European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• Anker finally comes clean about its Eufy security cameras - The Verge

Data Breaches/Leaks

• JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)

• If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley

Organised Crime & Criminal Actors

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Cyber Insights 2023: Criminal Gangs - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

Insider Risk and Insider Threats

• Insider attacks becoming more frequent, more difficult to detect - Help Net Security

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber security Breach Will Come from the Inside (darkreading.com)

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

• The next cyber threat may come from within - Help Net Security

• Insider threats: The cyber risks lurking in the dark (betanews.com)

• Executives Worry Equally About Insider Cyber Errors, Outsider Threats: How MSSPs Can Help - MSSP Alert

• Former Ubiquiti dev pleads guilty to data theft, extortion • The Register

Fraud, Scams & Financial Crime

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire

• Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)

Impersonation Attacks

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

• Why CISOs Should Care About Brand Impersonation Scam Sites (darkreading.com)

AML/CFT/Sanctions

• As the anti-money laundering perimeter expands, who needs to be compliant, and how? - Help Net Security

Insurance

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

Supply Chain and Third Parties

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek

• Almost all Organisations are Working with Recently Breached Vendors - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of organisations have indirect relationships with 200+ breached fourth-party vendors - Help Net Security

• Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online

• CISA to Open Supply Chain Risk Management Office (darkreading.com)

• Cyber Insights 2023 | Supply Chain Security - SecurityWeek

Cloud/SaaS

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online

• Hybrid cloud storage security challenges - Help Net Security

• Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Containers

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)

• Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek

API

• The emergence of trinity attacks on APIs - Help Net Security

• API management (APIM): What It Is and Where It’s Going security affairs

Open Source

• Microsoft upgrades Defender to lock down Linux devices • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News

• KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)

Social Media

• Inside TikTok’s proposal to address US national security concerns | CyberScoop

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malvertising

• Malvertising attacks are distributing .NET malware loaders • The Register

Training, Education and Awareness

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

Regulations, Fines and Legislation

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online

Governance, Risk and Compliance

• Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• 70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security

• Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• You Don't Know Where Your Secrets Are (thehackernews.com)

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• The corporate world is losing its grip on cyber risk | Financial Times (ft.com)

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• Thriving Dark Web Trade in Fake Security Certifications - Infosecurity Magazine (infosecurity-magazine.com)

• The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek

• Economic headwinds could deepen the cyber security skills shortage | CSO Online

Law Enforcement Action and Take Downs

• 7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Hacker accused of having stolen personal data of all Austrians security affairs

• Alleged ShinyHunters gang member in US court • The Register

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

Privacy, Surveillance and Mass Monitoring

• On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)

• Hacker accused of having stolen personal data of all Austrians security affairs

• Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)

Artificial Intelligence

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• OpenAI releases tool to detect AI-written text (bleepingcomputer.com)

• Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop

• Cyber Insights 2023: Artificial Intelligence - SecurityWeek

Misinformation, Disinformation and Propaganda

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

• Cyber Insights 2023: The Geopolitical Effect - SecurityWeek

Nation State Actors

Nation State Actors – Russia

• Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)

• Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

Nation State Actors – China

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

• TikTok CEO to testify before US. Congress over security concerns | Reuters

Nation State Actors – North Korea

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

Nation State Actors – Iran

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

Nation State Actors – Misc

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• New APT34 Malware Targets The Middle East (trendmicro.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Vulnerability Management

• The future of vulnerability management and patch compliance - Help Net Security

• What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)

Vulnerabilities

• Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)

• Patch management is crucial to protect Exchange servers, Microsoft warns security affairs

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)

• Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)

• Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)

• Why you might not be done with your January Microsoft security patches | CSO Online

• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig (portswigger.net)

• HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)

• High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs

• Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)

• Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (thehackernews.com)

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)

• Threat activity increasing around Fortinet VPN vulnerability | TechTarget

• Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online

Tools and Controls

• Gartner report shows zero trust isn’t a silver bullet | VentureBeat

Other News

• We can't rely on goodwill to protect our critical infrastructure - Help Net Security

• Playing Military Sim War Thunder May Get You Classed as a National Security Risk

• Cyber attacks in space: How safe are our satellites? | Metro News

• Threat Actors Use ClickFunnels to Bypass Security Services - Infosecurity Magazine (infosecurity-magazine.com)

• Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack

Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”

“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.

The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.

However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.

Around 100 insurance syndicates operate at Lloyd's.

Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”

https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/

• Former Uber Security Chief Convicted of Covering Up Data Breach

Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.

The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.

Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.

Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.

Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.

https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9

• First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos

Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.

A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.

Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.

"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."

The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.

https://www.darkreading.com/attacks-breaches/incident-response-s-first-72-hours-critical-to-taming-chaos

• Email Defences Under Siege: Phishing Attacks Dramatically Improve

This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.

Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.

As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.

The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.

"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."

Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.

https://www.darkreading.com/remote-workforce/email-defenses-under-siege-phishing-attacks-dramatically-improve

• Remote Services Are Becoming an Attractive Target for Ransomware

Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.

A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.

In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.

Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.

All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.

https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware

• Growing Reliance on Cloud Brings New Security Challenges

There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.

Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.

Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.

In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.

On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.

https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges

• Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.

Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.

“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.

The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.

https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/

• Ransomware Group Bypasses "Enormous" Range of EDR Tools

A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.

BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.

The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.

“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”

BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”

https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/

• MS Exchange Zero-Days: The Calm Before the Storm?

Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.

Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.

The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”

Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub

https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/

• Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.

For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.

One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.

Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.

“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”

https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/

• Secureworks Finds Network Intruders See Little Resistance

Attackers who break into networks only need to take a few basic measures in order to avoid detection.

Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.

"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."

Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.

https://www.techtarget.com/searchsecurity/news/252525696/Secureworks-finds-network-intruders-see-little-resistance

• Regulations, Laws and Accountability are Changing the Cyber Security Landscape

As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.

Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.

The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.

In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.

One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.

In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?

https://www.msspalert.com/cybersecurity-guests/regulations-laws-and-accountability-are-changing-the-cybersecurity-landscape/

• This Year’s Biggest Cyber Threats

OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.

Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.

“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.

“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”

While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.

https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/

Threats

Ransomware and Extortion

• Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert

• Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET

• Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)

• Ferrari Hit By Ransomware Attack: 7 GB Of Data Published Online – Expert (informationsecuritybuzz.com)

• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (thehackernews.com)

• BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)

• Ransomware attacks ravage schools, municipal governments (techtarget.com)

• Ransomware 3.0: The Next Frontier (darkreading.com)

• More and more ransomware is just data theft, no encryption • The Register

• Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)

• Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs

• ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)

• Avast releases a free decryptor for some Hades ransomware variants - Security Affairs

• Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)

• How Ransomware Is Causing Chaos in American Schools (vice.com)

• Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian

BEC – Business Email Compromise

• BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)

• Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg

Phishing & Email Based Attacks

• Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks (thehackernews.com)

• Phishing Campaigns Target KFC, McDonald's in Saudi Arabia, UAE, Singapore - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)

• 3 ways enterprises can mitigate social engineering risks - Help Net Security

Malware

• OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert

• This devious malware is able to disable your antivirus | TechRadar

• Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)

• Eternity Group Hackers Offering New LilithBot Malware-as-a-Service to Cyber criminals (thehackernews.com)

• Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)

• NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)

• Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs

Mobile

• Android Spyware 'RatMilad' Targets Enterprise Devices in Iran - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 7 IoT Devices That Make Security Pros Cringe (darkreading.com)

• Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)

• Acronis founder is afraid of his own vacuum cleaner • The Register

Data Breaches/Leaks

• “Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs

• No Shangri-La for you: Top hotel chain confirms data leak • The Register

• Home Office reprimanded after sensitive counter-terror documents left at London venue | The Independent

• NSA: Someone hacked military contractor and stole data • The Register

• City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)

• Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com

• Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)

• 2K warns users their info has been stolen following breach of its help desk | Ars Technica

• Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)

• Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

• Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)

• Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)

Insider Risk and Insider Threats

• Why Don't CISOs Trust Their Employees? (darkreading.com)

• Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)

• To avoid insider threats, try empathy - Help Net Security

• Microsoft publishes report on holistic insider risk management - Microsoft Security Blog

• Unearth offboarding risks before your employees say goodbye - Help Net Security

• Splunk alleges source code theft by former employee • The Register

• Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)