Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year

A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.

When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.

Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]

Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government

The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.

Sources: [BBC News] [ Security Affairs]

NCSC CTO: Cyber Security is Essential, Not Optional

Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.

The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.

Sources:  [Infosecurity Magazine] [Dark Reading]

69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs

According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.

A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.

Sources: [ITPro] [Beta News] [Security Magazine]

75% of Sports Related Passwords are Reused Across Accounts

According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.

Sources:  [Security Magazine] [Help Net Security]

Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift

As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.

Sources: [Barrons] [Help Net Security] [Computer Weekly]

Ransomware, Vendor Hacks Push Breach Number to Record High

The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.

Source: [Info Risk Today]

Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure

News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.

Sources: [Emerging Risks]

Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?

Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.

Source: [Property Industry Eye]

US Government Agency Was Hacked Thanks to 'End of Life' Software

The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.

Source:[ TechCrunch]

Digital Transformation, Security Implications, and their Effects on The Modern Workplace

The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.

Source:[ Forbes]

Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach

With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.

Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.

Sources: [Help Net Security]

Report Reveals Sorry State of Cyber Security at UK Football Clubs

A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.

Source: [Computer Weekly]

Governance, Risk and Compliance

• A fifth of UK businesses victims of cyber attacks in past year - Insurance Age

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC's Ollie Whitehouse on Why Cyber Security is Essential, Not Optional - Infosecurity Magazine (infosecurity-magazine.com)

• Digital Transformation And Its Effects On The Modern Workplace (forbes.com)

• UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Cyber security is a Team Sport (darkreading.com)

• 2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)

• Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

• CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar

• Maximizing cyber security on a budget - Help Net Security

• Cyber and remote working: How Covid moved the cursor | Computer Weekly

• Why effective cyber security is more important than ever for European family offices | Campden FB

• Liability Fears Damaging CISO Role, Says Former Uber CISO - Infosecurity Magazine (infosecurity-magazine.com)

• Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal

• Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 69% of organisations facing ransomware attacks paid the ransom | Security Magazine

• 2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly

• Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)

• Ransomware attack costs are driving up inflation in the UK | ITPro

• Ransomware ramped up against private sector in November | TechTarget

• BlackCat threatens to directly extort vendor's customers • The Register

• New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)

• How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• Expert warns of Turtle macOS ransomware (securityaffairs.com)

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

• Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)

• 75% of the Industrial Sector Experienced a Ransomware Attack in the Past Year, Claroty Study Finds (prnewswire.com)

• LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)

• BlackSuit ransomware - what you need to know | Tripwire

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

Ransomware Victims

• Staples Confirms System Outage Was Due to Cyber Attack, Raising the Possibility of a Data Breach | Console and Associates, P.C. - JDSupra

• 60 US credit unions offline after cloud ransomware infection • The Register

• 'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)

• News focus: Cyber-attack on law firm IT provider CTS hits conveyancing firms – what lessons need to be learned? | Law Gazette

• Hackers extorting fintech unicorn Tipalti, threaten to leak data of clients Roblox an | Ctech (calcalistech.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Western Isles Council 'counting cost' of November's cyber attack - BBC News

• Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)

• Nissan Restoring Systems After Cyber Attack - SecurityWeek

• Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media

• Phishing & Email Based Attacks

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)

• Cyber Criminals Escalate Microsoft Office Attacks By 53% in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)

• Booking.com users angry at firm's response to hacks - BBC News

• Hershey warns of data breach following phishing attack (therecord.media)

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT builder helps create scam and hack campaigns - BBC News

Artificial Intelligence

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• ChatGPT builder helps create scam and hack campaigns - BBC News

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Put guardrails around AI use to protect your org, but be open to changes - Help Net Security

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• 2024 cyber security outlook: The rise of AI voice chatbots and prompt engineering innovations - Help Net Security

• Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security

Malware

• Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Kaspersky malware report for Q3 2023 | Securelist

• PC malware statistics, Q3 2023 | Securelist

• Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)

• Mac users are being targeted again with dangerous malware - here's what to know | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)

• Hackers switch from email attacks to downloads (therecord.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

Mobile

• Android users warned about new threat after one victim loses $280K - PhoneArena

• Mobile malware statistics, Q3 2023 | Securelist

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek

• Top mobile password managers could be exposing user details | TechRadar

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Hackers have found a sneaky new way to spy on iPhone users — here’s how | Tom's Guide (tomsguide.com)

• SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Denial of Service/DoS/DDOS

• ENISA published ENISA Threat Landscape for DoS Attacks (securityaffairs.com)

Internet of Things – IoT

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)

• The importance of Cyber Secure EV Charging stations – making the connection more secure (csl-group.com)

Data Breaches/Leaks

• 23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)

• 23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Data breach debacle hits yet another UK public sector org • The Register

• Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)

• Ninety Percent of Energy Companies Suffer Supplier Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Blue Shield of California customer data stolen in cyber attack | Tacoma News Tribune (thenewstribune.com)

• Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)

• Hershey warns of data breach following phishing attack (therecord.media)

• Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)

• GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

• Millions of patient scans and health records spilling online thanks to decades-old protocol bug | TechCrunch

Organised Crime & Criminal Actors

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)

• Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Insider Risk and Insider Threats

• Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defence' (thehackernews.com)

Insurance

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra

Supply Chain and Third Parties

• Third-party breaches shake the foundations of the energy sector - Help Net Security

• Thousands of house purchases frozen by cyber attack and so will they complete before Christmas? - Property Industry Eye

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• 60 US credit unions offline after cloud ransomware infection • The Register

• How TUI Group Strengthened its Third-Party Risk Management - Infosecurity Magazine (infosecurity-magazine.com)

• Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• BlackCat threatens to directly extort vendor's customers • The Register

Cloud/SaaS

• 60 US credit unions offline after cloud ransomware infection • The Register

• Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)

• Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• How can SMBs protect against fraud in the cloud? | ITPro

Encryption

• Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)

• HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

Linux and Open Source

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 75% of sports-related passwords are reused across accounts | Security Magazine

• New Relic admits attack on staging systems, user accounts • The Register

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• Top mobile password managers could be exposing user details | TechRadar

Malvertising

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

Training, Education and Awareness

• Are companies falling behind on cyber security awareness training? | CTV News

Regulations, Fines and Legislation

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• SEC Cyber Security Rules Go Live in Days. Companies Still Aren't Sure What to Expect | Corporate Counsel (law.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

Models, Frameworks and Standards

• NIST Cyber Security Framework Update – Adding the Sixth Pillar - ClearanceJobs

Data Protection

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Alert fatigue puts pressure on security and development teams - Help Net Security

Law Enforcement Action and Take Downs

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Russian AI-generated propaganda struggles to find an audience  | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Deputy Prime Minister speech on cyber operations - GOV.UK (www.gov.uk)

• Establishing New Rules for Cyber Warfare (darkreading.com)

• Cyber Security: The Fifth Battlefield (forbes.com)

• 10 Of The Most Advanced Cyber Warfare Tools (slashgear.com)

Nation State Actors

China

• Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor

• Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)

• UK government denies China/Russia nuke plant hack claim • The Register

Russia

• Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News

• NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly

• UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)

• 2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)

• Russian hackers have plenty of data left to leak - and the timing could be a serious problem | Science & Tech News | Sky News

• Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)

• Fancy Bear goes phishing in US, European high-value networks • The Register

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

• Russian hackers accused of targeting US intelligence community with spear phishing campaign - CBS News

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (thehackernews.com)

Iran

• Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek

• US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg

• Iranian hackers attempt to damage critical infrastructure through Israeli Unitronics | Ctech (calcalistech.com)

North Korea

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• S.Korea, US, Japan hold 1st trilateral working-level talks on N.Korea's cyber threats | MorungExpress | morungexpress.com

• North Korean hackers stole anti-aircraft system data from South Korean firm (therecord.media)

• $10 million up for grabs in fight against North Korean hackers (bitdefender.com)

Vulnerability Management

• CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch

• CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop

• Key drivers of software security for financial services - Help Net Security

• 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities | CSO Online

Vulnerabilities

• 20,000 Microsoft Exchange servers have reached end-of-life and are vulnerable to attack | SC Media (scmagazine.com)

• Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)

• Quick: Update iPhones and Macs – WebKit security hole found • The Register

• VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek

• Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)

• Chrome 120 launches with security updates, password sharing and automatic Safety Checks - gHacks Tech News

• Atlassian reveals four fresh critical flaws • The Register

• Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)

• Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop

• Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek

Tools and Controls

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How to recover systems in the event of a cyber attack | Computer Weekly

• Five tips for recovering | Professional Security

• How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)

• 78% of CISOs Concerned About AppSec Manageability - Infosecurity Magazine (infosecurity-magazine.com)

• How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget

• Why you should create a physical security standard for your company (securitybrief.co.nz)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• Comparing SOAR and XDR for MSSPs | MSSP Alert

• The reality behind bypassing EDR attempts | TechTarget

• New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek

• Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)

• Maximizing cyber security on a budget - Help Net Security

• Modern Attack Surface Management for CISOs (trendmicro.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online

• Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia

• Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)

• When Should You Replace A Cyber Security Vendor? (forbes.com)

• Are companies falling behind on cyber security awareness training? | CTV News

Other News

• NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review

• Ofcom publishes UK age verification proposals • The Register

• Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek

• US aerospace companies are facing dangerous new cyber attacks | TechRadar

• Cyber security: MEPs back plans to increase cooperation against threats | News | European Parliament (europa.eu)

• Report reveals sorry state of cyber security at UK football clubs | Computer Weekly

• Porn Age Checks Threaten Security and Privacy, Report Warns - Infosecurity Magazine (infosecurity-magazine.com)

• 2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)

• Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)

• Mayor of London funds cyber crime service | UKAuthority

• The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag

• Public sector has misplaced confidence in cyber security (securitybrief.co.nz)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Enterprises prepare for the inevitable cyber attack - Help Net Security

• Board Support Critical For Cyber Security Defence | Silicon UK

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• The Role of the CISO in Digital Transformation (darkreading.com)

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security—Do We See Risks Increasing? | ETF Trends

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)

• Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)

• Allianz cyber head warns ransomware is "back with a vengeance" | Insurance Business America (insurancebusinessmag.com)

• Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• The crazy world of ransomware • Graham Cluley

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (databreaches.net)

• DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

• Only 4% of UK housing associations feel sector is fully prepared for ransomware attack | Scottish Housing News

• Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)

Ransomware Victims

• Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette

• Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International

• Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)

• British Library contacts users after Rhysida leaks data • The Register

• Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News

• Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial (therecord.media)

• University of Manchester CISO Speaks Out on Summer Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)

• GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)

• English council spent £1.1 million recovering from ransomware attack (therecord.media)

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)

• Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)

• New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd

• Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)

• Ardent Health Services Grapples With Ransomware Disruption - Infosecurity Magazine (infosecurity-magazine.com)

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Top instant money provider service hacked, over a million users possibly affected | TechRadar

• Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)

Phishing & Email Based Attacks

• Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing makes up 43% of email attacks | Security Magazine

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• Organisations can't ignore the surge in malicious web links - Help Net Security

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Booking.com Customers Scammed in Novel Social Engineering Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• What custom GPTs mean for the future of phishing - Help Net Security

• A reality check on email security threats in healthcare (securitybrief.co.nz)

Artificial Intelligence

• Released: AI security guidelines backed by 18 countries - Help Net Security

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• CISA and NCSC lead efforts to raise AI security standards • The Register

• Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• Securing generative AI across the technology stack | TechCrunch

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• What custom GPTs mean for the future of phishing - Help Net Security

• 8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)

Malware

• Implications of “malware free” attacks on SMBs (databreaches.net)

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Hacked Microsoft Word documents being used to trick Windows users | TechRadar

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - Infosecurity Magazine (infosecurity-magazine.com)

• A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)

• LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)

Mobile

• Busting 6 Myths About Mobile Device Security | MSSP Alert

• Surge in counterfeit app risk as cyber crime exploits rising digital consumption (securitybrief.co.nz)

• NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)

• 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)

Denial of Service/DoS/DDOS

• Same threat, new stakes: DDoS in an evolving telecoms sector

Internet of Things – IoT

• Cyber pros avoid smart devices: there is a good reason | Cybernews

• Navigating IoT security in a connected world - EDN

• IoT Security Labeling Improving, But More Collaboration Needed - EE Times

Data Breaches/Leaks

• Okta security breach much worse than originally disclosed – all customers' data potentially affected | Mashable

• Nuclear lab faces niche cyber threat (computing.co.uk)

• App used by hundreds of schools leaking children's data (securityaffairs.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Gulf Air exposed to data breach, 'vital operations not affected' | Reuters

• General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Leader of Killnet 'unmasked' by Russian state media • The Register

• A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

• Security official: Romania is an exporter of cyber security in its part of the word (stiripesurse.ro)

• I'm a hacker who was jailed for a decade for heading up a cyber criminal organisation - I started the group to fight back against bullies but got hooked on the power | Daily Mail Online

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch

• US imprisons Ukrainian SSNDOB administrator for 8 years • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Insurance

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

Supply Chain and Third Parties

• Cyber attack on managed service provider potentially affects hundreds of law firms | Scottish Legal News

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• Telecom Industry Association Advances Supply Chain Security | MSSP Alert

Cloud/SaaS

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)

• Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)

• Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon

• 90+ Key Password Breach Statistics in 2023 (techreport.com)

Social Media

• Google, Meta, allege China cyber attacks • The Register

Training, Education and Awareness

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

Regulations, Fines and Legislation

• European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)

• Released: AI security guidelines backed by 18 countries - Help Net Security

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• EU considers widening scope of cyber security regulation (finextra.com)

• Newly-proposed cyber security rules could affect cloud banking services in the EU - PaymentExpert.com

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

• 5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security

• The SEC’s Fraud Suit Against SolarWinds: 3 Cyber security Action Items for Companies to Consider | Orrick, Herrington & Sutcliffe LLP - JDSupra

• False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs

Models, Frameworks and Standards

• CISA Launches Project to Assess Effectiveness of Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

• The challenge of adding governance as a pillar of cyber security (c4isrnet.com)

Data Protection

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

Careers, Working in Cyber and Information Security

• Information overload puts cyber security at risk (betanews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• More than half admit to ignoring cyber security alerts (itsecuritywire.com)

• Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)

• Unhappy network professionals juggling more with less - Help Net Security

Law Enforcement Action and Take Downs

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)

• CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle

• Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week

• New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

Misinformation, Disinformation and Propaganda

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors

China

• Deloitte and KPMG ask staff to use burner phones for Hong Kong trips

• Google, Meta, allege China cyber attacks • The Register

Russia

• Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)

• Leader of Killnet 'unmasked' by Russian state media • The Register

Iran

• Pennsylvania water facility hit by Iran-linked hackers | CyberScoop

• North Texas water utility serving 2 million hit with cyber attack (therecord.media)

• Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium

North Korea

• North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Hamas-linked APT uses Rust-based SysJoker backdoor against Israel (securityaffairs.com)

• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

• SysJoker Malware: Hamas-Related Threat Expands With Rust Variant - Infosecurity Magazine (infosecurity-magazine.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Israel’s national water company sees increase in cyber attacks since beginning of war | Ctech (calcalistech.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

Vulnerability Management

• Why it’s the perfect time to reflect on your software update policy - Help Net Security

Vulnerabilities

• Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)

• Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)

• Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security

• Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week

• Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! - Help Net Security

• PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

Tools and Controls

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News

• Building cyber resilience for tomorrow’s threats - Help Net Security

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

• What cyber security pros can learn from first responders (securityintelligence.com)

• Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert

• Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security

• Researcher flags OpenCart security issue, founder rages • The Register

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Reports Published in the Last Week

• 2023 Zscaler ThreatLabz State of Phishing Report | Zscaler

Other News

• Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360

• Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

• Microsoft is at the Heart of US National Security Systems and It’s Vulnerable: Cyber Security Expert | NTD

• Implications of “malware free” attacks on SMBs (databreaches.net)

• Reading Borough Council apologises for dodgy infosec advice • The Register

• Holiday Season Increases Cyber security Risks (forbes.com)

• Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Paris water agency targeted in cyber attack - Emerging Risks Media Ltd

• Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)

• No plain sailing: modern pirates hack superyachts' cyber security | Euronews

• Hackers Hijack Industrial Control System at US Water Utility  - Security Week

• How to Keep Cyber attacks From Taking Off (darkreading.com)

• Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)

• Japan’s space agency suffers cyber attack • The Register

• CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)

• New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.