Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)

• Microsoft: 87% of UK Organisations Vulnerable to Costly Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro

• New research calls for ‘less fear and more action’ from SMEs, as cyber naivety leaves 4 out of 5 businesses wide open to threats - Business Mondays

• Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)

• UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• UK government's "scarcely believable" cyber security survey makes grim reading for all sizes of business | TechFinitive

• 75% of UK Businesses Experienced a Cyber Incident in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News

• Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live

• The New CISO: Rethinking the Role (darkreading.com)

• Most IT pros think cyber attacks are getting worse - and many firms don't know how to deal with them | TechRadar

• Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)

• Using A Security Assessment As A Measuring Stick (forbes.com)

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)

• Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)

• Navigating the Evolving Cyber Threat Landscape: Insights from the Cyber Stability Conference → UNIDIR

• Organisations under pressure to modernize their IT infrastructures - Help Net Security

• Adapting Military Solutions to the Corporate Battlefield - Infosecurity Magazine (infosecurity-magazine.com)

• Board-level buy-in: preparing cyber defences the right way | Computer Weekly

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surges as compliance falters - Thales Group - Verdict

• Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands - Infosecurity Magazine (infosecurity-magazine.com)

• NCC Group: Ransomware attacks jump 73% in February | TechTarget

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The Big Question: Is the UK ready to meet the threat of ransomware to British business? - Emerging Risks Media Ltd

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Ransomware Victims

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The British Library looks to the future as it reveals the incalculable damage of its ransomware attack (diginomica.com)

• VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine

• UnitedHealth cyber attack "one of the most stressful things we've gone through," doctor says - CBS News

• UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com

• Scottish health board hit by huge cyber attack with ‘significant quantity’ of data at risk (scotsman.com)

• Why UnitedHealth, Change Healthcare were targets of ransomware hackers

• Criminal investigation into Leicester City Council cyber attack - BBC News

• Yacht dealer to the celebs attack claimed by Rhysida gang • The Register

• UK council eerily cagey about 'cyber incident' details • The Register

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

Phishing & Email Based Attacks

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro

• Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)

• Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Email threat landscape | Professional Security

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)

• How to defend against phishing as a service and phishing kits | TechTarget

Other Social Engineering

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)

Artificial Intelligence

• Microsoft report says UK is not prepared for the age of AI — barely any businesses are ‘resilient’ to cyber crime | TechRadar

• 87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)

• UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly

• In the rush to build AI apps, don't leave security behind • The Register

• AI adoption by hackers pushed financial scams in 2023 | CSO Online

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Malware

• The most prevalent malware behaviours and techniques - Help Net Security

• Malware stands out as the fastest-growing threat of 2024 - Help Net Security

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)

• Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)

Mobile

• Kaspersky Identifies Three New Android Malware Threats (darkreading.com)

Denial of Service/DoS/DDOS

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why DDoS Threat Actors Are Shifting Their Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• 300,000 Systems Vulnerable to New Loop DoS Attack - Security Week

• Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar

Internet of Things – IoT

• Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

Data Breaches/Leaks

• 1% of users are responsible for 88% of data loss events - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Hackers steal personal data of 43 million French job seekers | ITPro

• International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)

• IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)

• NHS Dumfries and Galloway Warns of “Significant” Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)

• AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• Top 5 Data Breaches That Cost Millions - Security Boulevard

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Serial data thief pleads guilty to cyber crime charges • The Register

• Changing cause of data breaches | Professional Security

• Fake data breaches: Countering the damage - Help Net Security

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• How to verify a data breach | TechCrunch

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week

Organised Crime & Criminal Actors

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• IT helpdeskers increasingly targeted by cyber criminals • The Register

• Serial data thief pleads guilty to cyber crime charges • The Register

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

Insider Risk and Insider Threats

• 1% of users are responsible for 88% of data loss events - Help Net Security

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• Why human risk management is key to data protection (betanews.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• China-based Canadian accused of stealing Tesla trade secret • The Register

Insurance

• UK cyber insurance findings | Professional Security

• New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)

• Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)

Supply Chain and Third Parties

• Third-party breaches create network weak spots (betanews.com)

• How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)

Cloud/SaaS

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• The Definitive Guide to SaaS Security - Security Boulevard

Identity and Access Management

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

Encryption

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• Future inevitability of quantum computers is a security problem today - Breaking Defence

Linux and Open Source

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard

• What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

Social Media

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

Training, Education and Awareness

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• The Weakest Link: Securing The Human Element From Cyber Attack  - Security Boulevard

Regulations, Fines and Legislation

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• ICO publishes new fining guidance | ICO

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert

Models, Frameworks and Standards

• Chinese media exposes criminal smartphone farms • The Register

Data Protection

• Why human risk management is key to data protection (betanews.com)

Careers, Working in Cyber and Information Security

• How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga

• 3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)

• Why cyber recruitment needs a rapid overhaul | TechRadar

• AI Won't Solve Cyber Security's Retention Problem (darkreading.com)

Law Enforcement Action and Take Downs

• Filipino police break up forced labour cyber operation • The Register

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• Court jails first person convicted of cyberflashing in England | Crime | The Guardian

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Serial data thief pleads guilty to cyber crime charges • The Register

• Ukrainian Police Arrest Suspected Brute Force Account Hijackers - Infosecurity Magazine (infosecurity-magazine.com)

• Money laundering network boss hit with multi-million pound confiscation order - National Crime Agency

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

Nation State Actors

China

• Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week

• Confronted with Chinese hacking threat, industrial cyber security pros ask: What else is new?  | CyberScoop

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• Chinese media exposes criminal smartphone farms • The Register

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

• A look inside the Chinese cyber threat at the biggest ports in US

• CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)

Russia

• Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard

• UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)

• The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Russia’s Hybrid Warfare with the United States | Geopolitical Monitor

• HUR and cyber activists hacked at least seven Russian companies between March 11 and 18 / The New Voice of Ukraine (nv.ua)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor

• Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (therecord.media)

• Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)

• Over 800 Russian cyber attacks on Ukraine's state institutions and services since February 2022 – Prosecutor General | Ukrainska Pravda

• I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

• Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.

• Putin Sees Disastrous Start to Presidential Election (newsweek.com)

• Russia targets hundreds of Americans with new sanctions, including cyber journalists (therecord.media)

• Putin’s party hit by cyber attack as armed Russian troops oversee voters in occupied Ukraine | The Independent

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Iran

• Hackers claim to have breached Israeli nuclear facility’s computer network (therecord.media)

North Korea

• North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says

• North Korea's Kimsuky gang now exploiting Windows Help files • The Register

• Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Vulnerability Management

• NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)

• No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)

• 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Vulnerabilities

• Exploitation activity increasing on Fortinet vulnerability | TechTarget

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)

• Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)

• Another Microsoft vulnerability is being used to spread malware | TechRadar

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Google Chrome 123 launches with security fixes and Google Update changes on Windows - gHacks Tech News

• The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• iOS 17.4.1 release includes bug fixes and security updates | Macworld

• Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week

Tools and Controls

• Using A Security Assessment As A Measuring Stick (forbes.com)

• Mastering Physical Security In Information Security (informationsecuritybuzz.com)

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• How to choose the best cyber security vendor for your business | ITPro

• Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls - Security Boulevard

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)

• How To Not Fly Blind With API Security (forbes.com)

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

• EDR vs. antivirus: What's the difference? | TechTarget

• SIEM vs XDR: Capabilities and Key Differences | MSSP Alert

• Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK (darkreading.com)

• 95% of companies face API security problems - Help Net Security

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Reports Published in the Last Week

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• The 2024 Sophos Threat Report: Cyber Crime on Main Street – Sophos News

• 2024 Thales Data Threat Report Reveals Rise in Ransomware Attacks, as Compliance Failings Leave Businesses Vulnerable to Breaches | Thales Group

• Equifax Releases 2023 Security Annual Report (prnewswire.com)

Other News

• At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)

• Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)

• Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security

• Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post

• Cyber Security for Trustees: How to Reduce Risk and Respond to an Incident | Woodruff Sawyer - JDSupra

• How Can We Reduce Threats From the IABs Market? (darkreading.com)

• UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)

• Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

• Cyber security is an urgent priority for the museums sector - Museums Association

• Meet America’s Most Cyber Secure Banks 2024 (forbes.com)

• Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)

• Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)

• The Consequences for Schools and Students After a Cyber Attack - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.